ruby-rest-client: CVE-2015-1820

Related Vulnerabilities: CVE-2015-1820  

Debian Bug report logs - #781238
ruby-rest-client: CVE-2015-1820


Reported by: Moritz Muehlenhoff <jmm@inutil.org>

Date: Thu, 26 Mar 2015 11:00:01 UTC

Severity: grave

Tags: fixed-upstream, security, upstream

Found in version ruby-rest-client/1.6.1-2

Fixed in version ruby-rest-client/1.6.7-6

Done: Sebastien Badia <seb@sebian.fr>

Bug is archived. No further changes may be made.



Report forwarded to debian-bugs-dist@lists.debian.org, team@security.debian.org, secure-testing-team@lists.alioth.debian.org, Debian Ruby Extras Maintainers <pkg-ruby-extras-maintainers@lists.alioth.debian.org>:
Bug#781238; Package ruby-rest-client. (Thu, 26 Mar 2015 11:00:06 GMT).


Acknowledgement sent to Moritz Muehlenhoff <jmm@inutil.org>:
New Bug report received and forwarded. Copy sent to team@security.debian.org, secure-testing-team@lists.alioth.debian.org, Debian Ruby Extras Maintainers <pkg-ruby-extras-maintainers@lists.alioth.debian.org>. (Thu, 26 Mar 2015 11:00:06 GMT).


Message #5 received at submit@bugs.debian.org:

From: Moritz Muehlenhoff <jmm@inutil.org>
To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: ruby-rest-client: CVE-2015-1820
Date: Thu, 26 Mar 2015 11:51:20 +0100
Package: ruby-rest-client
Severity: grave
Tags: security
Justification: user security hole

This was assigned CVE-2015-1820:
https://github.com/rest-client/rest-client/issues/369

Cheers,
        Moritz



Marked as found in versions ruby-rest-client/1.6.1-2. Request was from Salvatore Bonaccorso <carnil@debian.org> to control@bugs.debian.org. (Thu, 26 Mar 2015 19:18:09 GMT).


Added tag(s) upstream and fixed-upstream. Request was from Salvatore Bonaccorso <carnil@debian.org> to control@bugs.debian.org. (Thu, 26 Mar 2015 19:18:13 GMT).


Reply sent to Sebastien Badia <seb@sebian.fr>:
You have taken responsibility. (Wed, 08 Apr 2015 15:54:09 GMT).


Notification sent to Moritz Muehlenhoff <jmm@inutil.org>:
Bug acknowledged by developer. (Wed, 08 Apr 2015 15:54:10 GMT).


Message #14 received at 781238-close@bugs.debian.org:

From: Sebastien Badia <seb@sebian.fr>
To: 781238-close@bugs.debian.org
Subject: Bug#781238: fixed in ruby-rest-client 1.6.7-6
Date: Wed, 08 Apr 2015 15:52:22 +0000
Source: ruby-rest-client
Source-Version: 1.6.7-6

We believe that the bug you reported is fixed in the latest version of
ruby-rest-client, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 781238@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Sebastien Badia <seb@sebian.fr> (supplier of updated ruby-rest-client package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@ftp-master.debian.org)


Format: 1.8
Date: Wed, 08 Apr 2015 12:01:20 +0200
Source: ruby-rest-client
Binary: ruby-rest-client
Architecture: source all
Version: 1.6.7-6
Distribution: sid
Urgency: medium
Maintainer: Debian Ruby Extras Maintainers <pkg-ruby-extras-maintainers@lists.alioth.debian.org>
Changed-By: Sebastien Badia <seb@sebian.fr>
Description:
 ruby-rest-client - simple REST client for Ruby
Closes: 781238
Changes:
 ruby-rest-client (1.6.7-6) unstable; urgency=medium
 .
   * Team upload.
   * d/control:
       - Bump Standards-Version (no changes)
       - Use https and cgit URL for VCS-Browser
       - Wrap and sort control file
       - Apply upstream patch for CVE-2015-1820 (Closes: #781238)




Bug archived. Request was from Debbugs Internal Request <owner@bugs.debian.org> to internal_control@bugs.debian.org. (Sun, 24 May 2015 07:46:00 GMT).




Debian bug tracking system administrator <owner@bugs.debian.org>. Last modified: Wed Jun 19 19:17:53 2019; Machine Name: buxtehude
