ruby2.1: CVE-2014-8090

Related Vulnerabilities: CVE-2014-8090

Debian Bug report logs - #770932


Package: ruby2.1; Maintainer for ruby2.1 is Antonio Terceiro <terceiro@debian.org>; Source for ruby2.1 is src:ruby2.1.

Reported by: Moritz Muehlenhoff <jmm@inutil.org>

Date: Tue, 25 Nov 2014 10:21:02 UTC

Severity: grave

Tags: security

Found in version ruby2.1/2.1.4-1

Fixed in version ruby2.1/2.1.5-1

Done: Antonio Terceiro <terceiro@debian.org>

Bug is archived. No further changes may be made.



Report forwarded to debian-bugs-dist@lists.debian.org, team@security.debian.org, secure-testing-team@lists.alioth.debian.org, Antonio Terceiro <terceiro@debian.org>:
Bug#770932; Package ruby2.1. (Tue, 25 Nov 2014 10:21:06 GMT)


Acknowledgement sent to Moritz Muehlenhoff <jmm@inutil.org>:
New Bug report received and forwarded. Copy sent to team@security.debian.org, secure-testing-team@lists.alioth.debian.org, Antonio Terceiro <terceiro@debian.org>. (Tue, 25 Nov 2014 10:21:06 GMT)


Message #5 received at submit@bugs.debian.org:

From: Moritz Muehlenhoff <jmm@inutil.org>
To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: ruby2.1: CVE-2014-8090
Date: Tue, 25 Nov 2014 11:15:28 +0100
Package: ruby2.1
Severity: grave
Tags: security

Hi,
please see
https://www.ruby-lang.org/en/news/2014/11/13/rexml-dos-cve-2014-8090/
for details.

Cheers,
        Moritz



Reply sent to Antonio Terceiro <terceiro@debian.org>:
You have taken responsibility. (Sun, 30 Nov 2014 16:36:29 GMT)


Notification sent to Moritz Muehlenhoff <jmm@inutil.org>:
Bug acknowledged by developer. (Sun, 30 Nov 2014 16:36:29 GMT)


Message #10 received at 770932-close@bugs.debian.org:

From: Antonio Terceiro <terceiro@debian.org>
To: 770932-close@bugs.debian.org
Subject: Bug#770932: fixed in ruby2.1 2.1.5-1
Date: Sun, 30 Nov 2014 16:35:25 +0000
Source: ruby2.1
Source-Version: 2.1.5-1

We believe that the bug you reported is fixed in the latest version of
ruby2.1, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 770932@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Antonio Terceiro <terceiro@debian.org> (supplier of updated ruby2.1 package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@ftp-master.debian.org)


Format: 1.8
Date: Sat, 29 Nov 2014 12:30:39 -0200
Source: ruby2.1
Binary: ruby2.1 libruby2.1 ruby2.1-dev ruby2.1-doc ruby2.1-tcltk
Architecture: source all
Version: 2.1.5-1
Distribution: unstable
Urgency: medium
Maintainer: Antonio Terceiro <terceiro@debian.org>
Changed-By: Antonio Terceiro <terceiro@debian.org>
Description:
 libruby2.1 - Libraries necessary to run Ruby 2.1
 ruby2.1    - Interpreter of object-oriented scripting language Ruby
 ruby2.1-dev - Header files for compiling extension modules for the Ruby 2.1
 ruby2.1-doc - Documentation for Ruby 2.1
 ruby2.1-tcltk - Ruby/Tk for Ruby 2.1
Closes: 769731 770932
Changes:
 ruby2.1 (2.1.5-1) unstable; urgency=medium
 .
   * New upstream release
     - Fixes CVE-2014-8090 Another Denial of Service XML Expansion
       (Closes: #770932)
     - Fixes build on SPARC (Closes: #769731)




Marked as found in versions ruby2.1/2.1.4-1. Request was from Salvatore Bonaccorso <carnil@debian.org> to control@bugs.debian.org. (Sun, 30 Nov 2014 16:51:19 GMT)


Bug archived. Request was from Debbugs Internal Request <owner@bugs.debian.org> to internal_control@bugs.debian.org. (Sat, 03 Jan 2015 07:28:35 GMT)




Debian bug tracking system administrator <owner@bugs.debian.org>. Last modified: Wed Jun 19 14:00:05 2019; Machine Name: buxtehude
