Debian Bug report logs -
#913003
ruby-rack: CVE-2018-16470: Possible DoS vulnerability in Rack
Reported by: Salvatore Bonaccorso <carnil@debian.org>
Date: Mon, 5 Nov 2018 20:27:02 UTC
Severity: grave
Tags: patch, security, upstream
Found in version ruby-rack/2.0.5-1
Fixed in version ruby-rack/2.0.6-1
Done: Pirate Praveen <praveen@onenetbeyond.org>
Bug is archived. No further changes may be made.
Toggle useless messages
Report forwarded
to debian-bugs-dist@lists.debian.org, carnil@debian.org, team@security.debian.org, team@security.debian.org, Debian Ruby Extras Maintainers <pkg-ruby-extras-maintainers@lists.alioth.debian.org>
:
Bug#913003
; Package src:ruby-rack
.
(Mon, 05 Nov 2018 20:27:04 GMT) (full text, mbox, link).
Acknowledgement sent
to Salvatore Bonaccorso <carnil@debian.org>
:
New Bug report received and forwarded. Copy sent to carnil@debian.org, team@security.debian.org, team@security.debian.org, Debian Ruby Extras Maintainers <pkg-ruby-extras-maintainers@lists.alioth.debian.org>
.
(Mon, 05 Nov 2018 20:27:04 GMT) (full text, mbox, link).
Message #5 received at submit@bugs.debian.org (full text, mbox, reply):
Source: ruby-rack
Version: 2.0.5-1
Severity: grave
Tags: patch security upstream
Hi,
The following vulnerability was published for ruby-rack, which is only
affecting experimental version. Filling with RC severity as the
vulernable version should not enter unstable.
CVE-2018-16470[0]:
Possible DoS vulnerability in Rack
If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.
For further information see:
[0] https://security-tracker.debian.org/tracker/CVE-2018-16470
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16470
[1] https://www.openwall.com/lists/oss-security/2018/11/05/1
Regards,
Salvatore
Reply sent
to Pirate Praveen <praveen@onenetbeyond.org>
:
You have taken responsibility.
(Fri, 04 Jan 2019 08:57:03 GMT) (full text, mbox, link).
Notification sent
to Salvatore Bonaccorso <carnil@debian.org>
:
Bug acknowledged by developer.
(Fri, 04 Jan 2019 08:57:03 GMT) (full text, mbox, link).
Message #10 received at 913003-done@bugs.debian.org (full text, mbox, reply):
[Message part 1 (text/plain, inline)]
Control: fixed -1 2.0.6-1
[signature.asc (application/pgp-signature, attachment)]
Information forwarded
to debian-bugs-dist@lists.debian.org, Debian Ruby Extras Maintainers <pkg-ruby-extras-maintainers@lists.alioth.debian.org>
:
Bug#913003
; Package src:ruby-rack
.
(Fri, 04 Jan 2019 12:06:02 GMT) (full text, mbox, link).
Acknowledgement sent
to Pirate Praveen <praveen@onenetbeyond.org>
:
Extra info received and forwarded to list. Copy sent to Debian Ruby Extras Maintainers <pkg-ruby-extras-maintainers@lists.alioth.debian.org>
.
(Fri, 04 Jan 2019 12:06:02 GMT) (full text, mbox, link).
Message #15 received at 913003@bugs.debian.org (full text, mbox, reply):
[Message part 1 (text/plain, inline)]
Control: fixed -1 2.0.6-1
Really add fixed version.
[signature.asc (application/pgp-signature, attachment)]
Marked as fixed in versions ruby-rack/2.0.6-1.
Request was from Pirate Praveen <praveen@onenetbeyond.org>
to 913003-submit@bugs.debian.org
.
(Fri, 04 Jan 2019 12:06:02 GMT) (full text, mbox, link).
Bug archived.
Request was from Debbugs Internal Request <owner@bugs.debian.org>
to internal_control@bugs.debian.org
.
(Sat, 02 Feb 2019 07:25:17 GMT) (full text, mbox, link).
Send a report that this bug log contains spam.
Debian bug tracking system administrator <owner@bugs.debian.org>.
Last modified:
Wed Jun 19 15:59:49 2019;
Machine Name:
beach
Debian Bug tracking system
Debbugs is free software and licensed under the terms of the GNU
Public License version 2. The current version can be obtained
from https://bugs.debian.org/debbugs-source/.
Copyright © 1999 Darren O. Benham,
1997,2003 nCipher Corporation Ltd,
1994-97 Ian Jackson,
2005-2017 Don Armstrong, and many other contributors.