Your message dated Mon, 13 Jan 2025 17:22:14 +0000
with message-id <[email protected]>
and subject line Bug#1069969: fixed in ruby3.1 3.1.2-8.5
has caused the Debian Bug report #1069969,
regarding ruby3.1: CVE-2024-27282
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
1069969: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1069969
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Source: ruby3.2
Version: 3.2.3-1
Severity: grave
Tags: security upstream
Justification: user security hole
X-Debbugs-Cc: [email protected], Debian Security Team <[email protected]>
Control: clone -1 -2
Control: reassign -2 src;ruby3.1 3.1.2-8
Control: retitle -2 ruby3.1: CVE-2024-27282
Control: found -2 3.1.2-7
Hi,
The following vulnerability was published for ruby.
CVE-2024-27282[0]:
| Arbitrary memory address read vulnerability with Regex search
If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.
For further information see:
[0] https://security-tracker.debian.org/tracker/CVE-2024-27282
https://www.cve.org/CVERecord?id=CVE-2024-27282
[1] https://www.ruby-lang.org/en/news/2024/04/23/arbitrary-memory-address-read-regexp-cve-2024-27282/
[2] https://github.com/ruby/ruby/commit/989a2355808a63fc45367785c82ffd46d18c900a
Please adjust the affected versions in the BTS as needed.
Regards,
Salvatore
--- End Message ---
--- Begin Message ---
Source: ruby3.1
Source-Version: 3.1.2-8.5
Done: Sebastian Andrzej Siewior <[email protected]>
We believe that the bug you reported is fixed in the latest version of
ruby3.1, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Sebastian Andrzej Siewior <[email protected]> (supplier of updated
ruby3.1 package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Fri, 10 Jan 2025 15:56:56 +0100
Source: ruby3.1
Architecture: source
Version: 3.1.2-8.5
Distribution: unstable
Urgency: medium
Maintainer: Debian Ruby Team <[email protected]>
Changed-By: Sebastian Andrzej Siewior <[email protected]>
Closes: 1069969 1087960
Changes:
ruby3.1 (3.1.2-8.5) unstable; urgency=medium
.
* Non-maintainer upload.
* Fix test failures with OpenSSL 3.4 (Closes: #1087960).
* CVE-2024-27282 ("Arbitrary memory address read vulnerability with Regex
search") (Closes: #1069969).
Checksums-Sha1:
492a2a15d8b900eac043adb1ae097ff06ba12372 2599 ruby3.1_3.1.2-8.5.dsc
04adc088733257caa6c3cf6e5c0e0dae5426ce8d 82420 ruby3.1_3.1.2-8.5.debian.tar.xz
Checksums-Sha256:
cb190ec7cb0c308599394c90093bc6f40f925adb7a63a46c6016c4e4b056b810 2599 ruby3.1_3.1.2-8.5.dsc
d85addbdaf9f7b8fa1825575b7451d0fa6fd11d518160f38b12a640dc9c8c417 82420 ruby3.1_3.1.2-8.5.debian.tar.xz
Files:
4fdd16b35152bd6b652947e531cc3fce 2599 ruby optional ruby3.1_3.1.2-8.5.dsc
002c15fbd330c22ffceadfb13187eb11 82420 ruby optional ruby3.1_3.1.2-8.5.debian.tar.xz
-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----
--- End Message ---