ruby-will-paginate: CVE-2013-6459: XSS vulnerabilities

Related Vulnerabilities: CVE-2013-6459  

Debian Bug report logs - #733209

Reported by: Salvatore Bonaccorso <carnil@debian.org>

Date: Fri, 27 Dec 2013 05:27:01 UTC

Severity: important

Tags: fixed-upstream, security, upstream

Found in version ruby-will-paginate/3.0.3-1

Fixed in version ruby-will-paginate/3.0.5-1

Done: Christian Hofstaedtler <zeha@debian.org>

Bug is archived. No further changes may be made.



Report forwarded to debian-bugs-dist@lists.debian.org, carnil@debian.org, team@security.debian.org, secure-testing-team@lists.alioth.debian.org, Debian Ruby Extras Maintainers <pkg-ruby-extras-maintainers@lists.alioth.debian.org>:
Bug#733209; Package ruby-will-paginate. (Fri, 27 Dec 2013 05:27:06 GMT)


Acknowledgement sent to Salvatore Bonaccorso <carnil@debian.org>:
New Bug report received and forwarded. Copy sent to carnil@debian.org, team@security.debian.org, secure-testing-team@lists.alioth.debian.org, Debian Ruby Extras Maintainers <pkg-ruby-extras-maintainers@lists.alioth.debian.org>. (Fri, 27 Dec 2013 05:27:06 GMT)


Message #5 received at submit@bugs.debian.org:

From: Salvatore Bonaccorso <carnil@debian.org>
To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: ruby-will-paginate: CVE-2013-6459: XSS vulnerabilities
Date: Fri, 27 Dec 2013 06:23:38 +0100
Package: ruby-will-paginate
Severity: important
Tags: security upstream fixed-upstream

Hi,

the following vulnerability was published for ruby-will-paginate.

CVE-2013-6459[0]:
XSS vulnerabilities

It is fixed in a new upstream version 3.0.5[1].

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6459
    http://security-tracker.debian.org/tracker/CVE-2013-6459
[1] https://github.com/mislav/will_paginate/releases/tag/v3.0.5

Please adjust the affected versions in the BTS as needed.

Regards,
Salvatore



Marked as found in versions ruby-will-paginate/3.0.3-1. Request was from Salvatore Bonaccorso <carnil@debian.org> to control@bugs.debian.org. (Fri, 27 Dec 2013 05:39:04 GMT)


Reply sent to Christian Hofstaedtler <zeha@debian.org>:
You have taken responsibility. (Mon, 06 Jan 2014 03:24:05 GMT)


Notification sent to Salvatore Bonaccorso <carnil@debian.org>:
Bug acknowledged by developer. (Mon, 06 Jan 2014 03:24:05 GMT)


Message #12 received at 733209-close@bugs.debian.org:

From: Christian Hofstaedtler <zeha@debian.org>
To: 733209-close@bugs.debian.org
Subject: Bug#733209: fixed in ruby-will-paginate 3.0.5-1
Date: Mon, 06 Jan 2014 03:20:40 +0000
Source: ruby-will-paginate
Source-Version: 3.0.5-1

We believe that the bug you reported is fixed in the latest version of
ruby-will-paginate, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 733209@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Christian Hofstaedtler <zeha@debian.org> (supplier of updated ruby-will-paginate package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Format: 1.8
Date: Mon, 06 Jan 2014 03:32:10 +0100
Source: ruby-will-paginate
Binary: ruby-will-paginate
Architecture: source all
Version: 3.0.5-1
Distribution: unstable
Urgency: medium
Maintainer: Debian Ruby Extras Maintainers <pkg-ruby-extras-maintainers@lists.alioth.debian.org>
Changed-By: Christian Hofstaedtler <zeha@debian.org>
Description: 
 ruby-will-paginate - Pagination for Rails
Closes: 733209
Changes: 
 ruby-will-paginate (3.0.5-1) unstable; urgency=medium
 .
   * Team upload.
 .
   [ Cédric Boutillier ]
   * use canonical URI in Vcs-* fields
   * debian/copyright: use DEP5 copyright-format/1.0 official URL for
     Format field
 .
   [ Christian Hofstaedtler ]
   * Drop transitional packages
   * Update (Build-)Depends for ruby2.0, drop ruby1.8
   * Bump Standards-Version to 3.9.5 (no changes)
   * New upstream release, fixing CVE-2013-6459 (Closes: #733209)

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.15 (GNU/Linux)
-----END PGP SIGNATURE-----




Bug reopened. Request was from Christian Hofstaedtler <christian@hofstaedtler.name> to control@bugs.debian.org. (Mon, 06 Jan 2014 03:27:10 GMT)


No longer marked as fixed in versions ruby-will-paginate/3.0.5-1. Request was from Christian Hofstaedtler <christian@hofstaedtler.name> to control@bugs.debian.org. (Mon, 06 Jan 2014 03:27:10 GMT)


Marked as fixed in versions ruby-will-paginate/3.0.5-1. Request was from Christian Hofstaedtler <zeha@debian.org> to control@bugs.debian.org. (Mon, 06 Jan 2014 03:39:13 GMT)


Reply sent to Christian Hofstaedtler <zeha@debian.org>:
You have taken responsibility. (Sun, 01 May 2016 20:21:24 GMT)


Notification sent to Salvatore Bonaccorso <carnil@debian.org>:
Bug acknowledged by developer. (Sun, 01 May 2016 20:21:24 GMT)


Message #23 received at 733209-close@bugs.debian.org:

From: Christian Hofstaedtler <zeha@debian.org>
To: 733209-close@bugs.debian.org
Subject: Re: #733209: ruby-will-paginate: CVE-2013-6459
Date: Sun, 1 May 2016 22:18:27 +0200

Closing this as the security issue is fixed (at the time of writing
this) in stable and newer.

Thanks,
-- 
 ,''`.  Christian Hofstaedtler <zeha@debian.org>
: :' :  Debian Developer
`. `'   7D1A CFFA D9E0 806C 9C4C  D392 5C13 D6DB 9305 2E03
  `-




Bug archived. Request was from Debbugs Internal Request <owner@bugs.debian.org> to internal_control@bugs.debian.org. (Mon, 30 May 2016 07:26:32 GMT)



Debian bug tracking system administrator <owner@bugs.debian.org>. Last modified: Wed Jun 19 13:21:37 2019; Machine Name: buxtehude
