CVE-2017-11428


Debian Bug report logs - #892865
CVE-2017-11428


Reported by: Moritz Muehlenhoff <jmm@debian.org>

Date: Tue, 13 Mar 2018 22:21:05 UTC

Severity: grave

Tags: security

Found in version ruby-saml/1.4.1-1

Fixed in version ruby-saml/1.7.2-1

Done: Cédric Boutillier <boutil@debian.org>





Report forwarded to debian-bugs-dist@lists.debian.org, team@security.debian.org, Debian Ruby Extras Maintainers <pkg-ruby-extras-maintainers@lists.alioth.debian.org>:
Bug#892865; Package ruby-saml. (Tue, 13 Mar 2018 22:21:08 GMT)


Acknowledgement sent to Moritz Muehlenhoff <jmm@debian.org>:
New Bug report received and forwarded. Copy sent to team@security.debian.org, Debian Ruby Extras Maintainers <pkg-ruby-extras-maintainers@lists.alioth.debian.org>. (Tue, 13 Mar 2018 22:21:08 GMT)


Message #5 received at submit@bugs.debian.org:

From: Moritz Muehlenhoff <jmm@debian.org>
To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: CVE-2017-11428
Date: Tue, 13 Mar 2018 23:19:22 +0100
Package: ruby-saml
Severity: grave
Tags: security

https://duo.com/blog/duo-finds-saml-vulnerabilities-affecting-multiple-implementations



Marked as found in versions ruby-saml/1.4.1-1. Request was from Salvatore Bonaccorso <carnil@debian.org> to control@bugs.debian.org. (Wed, 14 Mar 2018 06:24:07 GMT)


Reply sent to Cédric Boutillier <boutil@debian.org>:
You have taken responsibility. (Sun, 18 Mar 2018 06:06:07 GMT)


Notification sent to Moritz Muehlenhoff <jmm@debian.org>:
Bug acknowledged by developer. (Sun, 18 Mar 2018 06:06:07 GMT)


Message #12 received at 892865-close@bugs.debian.org:

From: Cédric Boutillier <boutil@debian.org>
To: 892865-close@bugs.debian.org
Subject: Bug#892865: fixed in ruby-saml 1.7.2-1
Date: Sun, 18 Mar 2018 06:04:31 +0000
Source: ruby-saml
Source-Version: 1.7.2-1

We believe that the bug you reported is fixed in the latest version of
ruby-saml, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 892865@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Cédric Boutillier <boutil@debian.org> (supplier of updated ruby-saml package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@ftp-master.debian.org)



Format: 1.8
Date: Sun, 18 Mar 2018 05:33:29 +0100
Source: ruby-saml
Binary: ruby-saml
Architecture: source
Version: 1.7.2-1
Distribution: unstable
Urgency: medium
Maintainer: Debian Ruby Extras Maintainers <pkg-ruby-extras-maintainers@lists.alioth.debian.org>
Changed-By: Cédric Boutillier <boutil@debian.org>
Description:
 ruby-saml  - SAML toolkit for Ruby on Rails
Closes: 892865
Changes:
 ruby-saml (1.7.2-1) unstable; urgency=medium
 .
   * Team upload
 .
   [ Praveen Arimbrathodiyil ]
   * remove git in gemspec
 .
   [ Cédric Boutillier ]
   * New upstream version 1.7.2
     + Fixes CVE-2017-11428 by processing text of nodes properly, ignoring
       comments (Closes: #892865)
   * Refresh use-system-lib.patch and remove-git-in-gemspec.patch
   * Use salsa.debian.org in Vcs-* fields
   * Bump debhelper compatibility level to 11
   * Bump Standards-Version to 4.1.3 (no changes needed)
   * Use https in watch file, copyright formal URL and homepage field

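The changelog above describes the fix as "processing text of nodes properly, ignoring comments". The Ruby snippet below is an added illustration, not ruby-saml's own code, of the XML text-extraction behaviour behind that wording: it uses REXML from the Ruby standard library on a constructed assertion fragment (the `saml:` namespace URI is the standard SAML 2.0 one; the element content is made up) to show that reading only the first text child of a `NameID` truncates the value at an embedded comment, while concatenating all text children yields the full string, and adds the check a consumer can run to flag identifiers carrying non-text child nodes.

```ruby
require "rexml/document"

SAML_NS = { "saml" => "urn:oasis:names:tc:SAML:2.0:assertion" }

# Constructed sample: a NameID whose text content is interrupted by an
# XML comment. This is the shape of input the CVE-2017-11428 fix concerns.
SAMPLE_ASSERTION = <<~XML
  <saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">
    <saml:Subject>
      <saml:NameID>alice<!-- a comment splits the text -->@example.com</saml:NameID>
    </saml:Subject>
  </saml:Assertion>
XML

def name_id_element(xml)
  doc = REXML::Document.new(xml)
  REXML::XPath.first(doc, "//saml:NameID", SAML_NS)
end

# Problematic pattern: REXML::Element#text returns only the FIRST text
# child, so a comment in the middle silently truncates the identifier.
def name_id_first_text_node(xml)
  name_id_element(xml).text
end

# Corrected pattern: concatenate every REXML::Text child and skip
# everything else (comments included), then trim surrounding whitespace.
def name_id_full_text(xml)
  name_id_element(xml).children
                      .select { |c| c.is_a?(REXML::Text) }
                      .map(&:value)
                      .join
                      .strip
end

# Defensive check: a well-formed identifier has no reason to contain
# comments or nested elements, so their presence is worth logging/rejecting.
def name_id_has_foreign_nodes?(xml)
  name_id_element(xml).children.any? { |c| !c.is_a?(REXML::Text) }
end

if __FILE__ == $PROGRAM_NAME
  puts "first text node only:  #{name_id_first_text_node(SAMPLE_ASSERTION)}"
  puts "all text nodes joined: #{name_id_full_text(SAMPLE_ASSERTION)}"
  puts "foreign child nodes:   #{name_id_has_foreign_nodes?(SAMPLE_ASSERTION)}"
end
```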






Debian bug tracking system administrator <owner@bugs.debian.org>. Last modified: Wed Jun 19 16:17:42 2019; Machine Name: buxtehude
