CVE-2012-2125 CVE-2012-2126

Debian Bug report logs - #670228
CVE-2012-2125 CVE-2012-2126

Reported by: Moritz Muehlenhoff <muehlenhoff@univention.de>

Date: Tue, 24 Apr 2012 09:27:02 UTC

Severity: grave

Tags: security

Fixed in version rubygems/1.8.24-1

Done: Daigo Moriwaki <daigo@debian.org>

Bug is archived. No further changes may be made.


Report forwarded to debian-bugs-dist@lists.debian.org, team@security.debian.org, Daigo Moriwaki <daigo@debian.org>:
Bug#670228; Package rubygems. (Tue, 24 Apr 2012 09:27:07 GMT)


Acknowledgement sent to Moritz Muehlenhoff <muehlenhoff@univention.de>:
New Bug report received and forwarded. Copy sent to team@security.debian.org, Daigo Moriwaki <daigo@debian.org>. (Tue, 24 Apr 2012 09:27:11 GMT)


Message #5 received at submit@bugs.debian.org:

From: Moritz Muehlenhoff <muehlenhoff@univention.de>
To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: CVE-2012-2125 CVE-2012-2126
Date: Tue, 24 Apr 2012 11:23:46 +0200
Package: rubygems
Severity: grave
Tags: security

Please see here for details and patches:
http://www.openwall.com/lists/oss-security/2012/04/20/23

Cheers,
        Moritz




Reply sent to Daigo Moriwaki <daigo@debian.org>:
You have taken responsibility. (Sat, 09 Jun 2012 15:30:09 GMT)


Notification sent to Moritz Muehlenhoff <muehlenhoff@univention.de>:
Bug acknowledged by developer. (Sat, 09 Jun 2012 15:30:10 GMT)


Message #10 received at 670228-close@bugs.debian.org:

From: Daigo Moriwaki <daigo@debian.org>
To: 670228-close@bugs.debian.org
Subject: Bug#670228: fixed in rubygems 1.8.24-1
Date: Sat, 09 Jun 2012 15:28:47 +0000
Source: rubygems
Source-Version: 1.8.24-1

We believe that the bug you reported is fixed in the latest version of
rubygems, which is due to be installed in the Debian FTP archive:

rubygems-doc_1.8.24-1_all.deb
  to main/r/rubygems/rubygems-doc_1.8.24-1_all.deb
rubygems1.8_1.8.24-1_all.deb
  to main/r/rubygems/rubygems1.8_1.8.24-1_all.deb
rubygems_1.8.24-1.debian.tar.gz
  to main/r/rubygems/rubygems_1.8.24-1.debian.tar.gz
rubygems_1.8.24-1.dsc
  to main/r/rubygems/rubygems_1.8.24-1.dsc
rubygems_1.8.24-1_all.deb
  to main/r/rubygems/rubygems_1.8.24-1_all.deb
rubygems_1.8.24.orig.tar.gz
  to main/r/rubygems/rubygems_1.8.24.orig.tar.gz



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 670228@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Daigo Moriwaki <daigo@debian.org> (supplier of updated rubygems package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@debian.org)


Format: 1.8
Date: Sat, 09 Jun 2012 18:22:42 +0900
Source: rubygems
Binary: rubygems rubygems1.8 rubygems-doc
Architecture: source all
Version: 1.8.24-1
Distribution: unstable
Urgency: low
Maintainer: Daigo Moriwaki <daigo@debian.org>
Changed-By: Daigo Moriwaki <daigo@debian.org>
Description: 
 rubygems   - package management framework for Ruby libraries/applications
 rubygems-doc - Transitional package for rubygems
 rubygems1.8 - Transitional package for rubygems
Closes: 667054 670228 674401
Changes: 
 rubygems (1.8.24-1) unstable; urgency=low
 .
   * New upstream release. (Closes: #670228)
     - Fixes CVE-2012-2125 CVE-2012-2126.
   * debian/control:
     - Build-Depends on debhelper (>= 8.1.0). (Closes: #667054)
     - Bumps up Standards-Version to 3.9.3.
     - rubygems-doc no longer depends on rubygems,
       fixing a lintian warning: doc-package-depends-on-main-package.
   * Added a patch: debian/patches/20120608-fix-test_gem_platform.rb.diff
     - Imported from the upstream 4a85e2ac70579c32031766338505e85b2c392b27.
   * Added a patch: debian/patches/20120608-fix-assert_match.diff
     - Fixes the incorrect use of assert_match.  (Closes: #674401)





Bug archived. Request was from Debbugs Internal Request <owner@bugs.debian.org> to internal_control@bugs.debian.org. (Sun, 02 Jun 2013 07:46:03 GMT)



Debian bug tracking system administrator <owner@bugs.debian.org>. Last modified: Fri Oct 16 10:35:24 2020; Machine Name: buxtehude
