CVE-2013-0162


Debian Bug report logs - #701637

Reported by: Moritz Muehlenhoff <jmm@debian.org>

Date: Mon, 25 Feb 2013 15:27:02 UTC

Severity: grave

Tags: security

Fixed in version ruby-parser/2.3.1-2

Done: Cédric Boutillier <boutil@debian.org>

Bug is archived. No further changes may be made.



Report forwarded to debian-bugs-dist@lists.debian.org, team@security.debian.org, secure-testing-team@lists.alioth.debian.org, Debian Ruby Extras Maintainers <pkg-ruby-extras-maintainers@lists.alioth.debian.org>:
Bug#701637; Package ruby-parser. (Mon, 25 Feb 2013 15:27:04 GMT)


Acknowledgement sent to Moritz Muehlenhoff <jmm@debian.org>:
New Bug report received and forwarded. Copy sent to team@security.debian.org, secure-testing-team@lists.alioth.debian.org, Debian Ruby Extras Maintainers <pkg-ruby-extras-maintainers@lists.alioth.debian.org>. (Mon, 25 Feb 2013 15:27:04 GMT)


Message #5 received at submit@bugs.debian.org:

From: Moritz Muehlenhoff <jmm@debian.org>
To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: CVE-2013-0162
Date: Mon, 25 Feb 2013 16:23:42 +0100
Package: ruby-parser
Severity: grave
Tags: security

Hi,
please see http://seclists.org/bugtraq/2013/Feb/118 for details and a proposed
patch.

Cheers,
        Moritz



Reply sent to Cédric Boutillier <boutil@debian.org>:
You have taken responsibility. (Wed, 27 Feb 2013 14:51:06 GMT)


Notification sent to Moritz Muehlenhoff <jmm@debian.org>:
Bug acknowledged by developer. (Wed, 27 Feb 2013 14:51:06 GMT)


Message #10 received at 701637-close@bugs.debian.org:

From: Cédric Boutillier <boutil@debian.org>
To: 701637-close@bugs.debian.org
Subject: Bug#701637: fixed in ruby-parser 2.3.1-2
Date: Wed, 27 Feb 2013 14:48:14 +0000
Source: ruby-parser
Source-Version: 2.3.1-2

We believe that the bug you reported is fixed in the latest version of
ruby-parser, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 701637@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Cédric Boutillier <boutil@debian.org> (supplier of updated ruby-parser package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@debian.org)


Format: 1.8
Date: Tue, 26 Feb 2013 07:08:26 +0100
Source: ruby-parser
Binary: ruby-parser
Architecture: source all
Version: 2.3.1-2
Distribution: unstable
Urgency: high
Maintainer: Debian Ruby Extras Maintainers <pkg-ruby-extras-maintainers@lists.alioth.debian.org>
Changed-By: Cédric Boutillier <boutil@debian.org>
Description:
 ruby-parser - Ruby parser written in pure Ruby
Closes: 701637
Changes:
 ruby-parser (2.3.1-2) unstable; urgency=high
 .
   * Team upload
   * Add debian/patches/002-fix-CVE-2013-0162.patch: avoid unsecure use of
     /tmp/ [CVE-2013-0162] (Closes: #701637).




Bug archived. Request was from Debbugs Internal Request <owner@bugs.debian.org> to internal_control@bugs.debian.org. (Sat, 30 Mar 2013 07:27:03 GMT)




Debian bug tracking system administrator <owner@bugs.debian.org>. Last modified: Wed Jun 19 19:01:11 2019; Machine Name: buxtehude
