Debian Bug report logs - #260779
libruby1.8: CGI::Session creates files insecurely

version graph

Package: libruby1.8; Maintainer for libruby1.8 is akira yamada <akira@debian.org>; Source for libruby1.8 is src:ruby1.8.

Reported by: Andres Salomon <dilinger@voxel.net>

Date: Thu, 22 Jul 2004 07:18:01 UTC

Severity: grave

Tags: security, upstream, woody

Found in version 1.8.1+1.8.2pre1-3

Fixed in version ruby1.8/1.8.1+1.8.2pre1-4

Done: akira yamada <akira@debian.org>

Bug is archived. No further changes may be made.

Forwarded to matz@ruby-lang.org

Toggle useless messages

View this report as an mbox folder, status mbox, maintainer mbox


Report forwarded to debian-bugs-dist@lists.debian.org, akira yamada <akira@debian.org>:
Bug#260779; Package libruby1.8. Full text and rfc822 format available.

Acknowledgement sent to Andres Salomon <dilinger@voxel.net>:
New Bug report received and forwarded. Copy sent to akira yamada <akira@debian.org>. Full text and rfc822 format available.

Message #5 received at submit@bugs.debian.org (full text, mbox):

From: Andres Salomon <dilinger@voxel.net>
To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: libruby1.8: CGI::Session creates files insecurely
Date: Thu, 22 Jul 2004 03:14:19 -0400
Package: libruby1.8
Version: 1.8.1+1.8.2pre1-3
Severity: grave
Tags: security upstream
Justification: user security hole

Hi,

I just noticed that CGI::Session's FileStore (and presumably PStore)
implementations store session information insecurely.  They simply
create files, ignoring permission issues.  I assume the only thing
affecting permissions is the value of umask.  For both my user, as
well as www-data, session files end up in /tmp with permission
0644.  This is quite bad; an unsuspecting user might be storing
sensitive information in session variables, assuming that the class
stores data securely.

The following script illustrates the problem:

#!/usr/bin/ruby -w

require 'cgi'
require 'cgi/session'

cgi = CGI.new('html4')
session = CGI::Session.new(cgi, 'prefix' => 'blah_')
Kernel.system("ls -l " + Dir.glob("/tmp/blah_*").join(" "))




-- System Information:
Debian Release: testing/unstable
  APT prefers unstable
  APT policy: (500, 'unstable'), (500, 'testing')
Architecture: i386 (i686)
Kernel: Linux 2.6.7-1-k7
Locale: LANG=en_US, LC_CTYPE=en_US

Versions of packages libruby1.8 depends on:
ii  libc6                       2.3.2.ds1-13 GNU C Library: Shared libraries an

-- no debconf information



Information forwarded to debian-bugs-dist@lists.debian.org, akira yamada <akira@debian.org>:
Bug#260779; Package libruby1.8. Full text and rfc822 format available.

Acknowledgement sent to Matt Zimmerman <mdz@debian.org>:
Extra info received and forwarded to list. Copy sent to akira yamada <akira@debian.org>. Full text and rfc822 format available.

Message #10 received at 260779@bugs.debian.org (full text, mbox):

From: Matt Zimmerman <mdz@debian.org>
To: Andres Salomon <dilinger@voxel.net>, 260779@bugs.debian.org
Subject: Re: Bug#260779: libruby1.8: CGI::Session creates files insecurely
Date: Thu, 22 Jul 2004 08:57:20 -0700
On Thu, Jul 22, 2004 at 03:14:19AM -0400, Andres Salomon wrote:

> Package: libruby1.8
> Version: 1.8.1+1.8.2pre1-3
> Severity: grave
> Tags: security upstream
> Justification: user security hole
> 
> Hi,
> 
> I just noticed that CGI::Session's FileStore (and presumably PStore)
> implementations store session information insecurely.  They simply
> create files, ignoring permission issues.  I assume the only thing
> affecting permissions is the value of umask.  For both my user, as
> well as www-data, session files end up in /tmp with permission
> 0644.  This is quite bad; an unsuspecting user might be storing
> sensitive information in session variables, assuming that the class
> stores data securely.

I assume 1.8.1-9 in stable has the same problem?

-- 
 - mdz



Information forwarded to debian-bugs-dist@lists.debian.org, akira yamada <akira@debian.org>:
Bug#260779; Package libruby1.8. Full text and rfc822 format available.

Acknowledgement sent to Andres Salomon <dilinger@voxel.net>:
Extra info received and forwarded to list. Copy sent to akira yamada <akira@debian.org>. Full text and rfc822 format available.

Message #15 received at 260779@bugs.debian.org (full text, mbox):

From: Andres Salomon <dilinger@voxel.net>
To: Matt Zimmerman <mdz@debian.org>
Cc: 260779@bugs.debian.org
Subject: Re: Bug#260779: libruby1.8: CGI::Session creates files insecurely
Date: Thu, 22 Jul 2004 17:37:55 -0400
[Message part 1 (text/plain, inline)]
On Thu, 2004-07-22 at 08:57 -0700, Matt Zimmerman wrote:
> On Thu, Jul 22, 2004 at 03:14:19AM -0400, Andres Salomon wrote:
> 
[...]
> > 0644.  This is quite bad; an unsuspecting user might be storing
> > sensitive information in session variables, assuming that the class
> > stores data securely.
> 
> I assume 1.8.1-9 in stable has the same problem?
> 

You mean the ruby packages in stable (1.6.7-3)?  The behavior in Woody
is the same.



-- 
Andres Salomon <dilinger@voxel.net>
[signature.asc (application/pgp-signature, inline)]

Information forwarded to debian-bugs-dist@lists.debian.org, akira yamada <akira@debian.org>:
Bug#260779; Package libruby1.8. Full text and rfc822 format available.

Acknowledgement sent to Matt Zimmerman <mdz@debian.org>:
Extra info received and forwarded to list. Copy sent to akira yamada <akira@debian.org>. Full text and rfc822 format available.

Message #20 received at 260779@bugs.debian.org (full text, mbox):

From: Matt Zimmerman <mdz@debian.org>
To: Andres Salomon <dilinger@voxel.net>
Cc: 260779@bugs.debian.org
Subject: Re: Bug#260779: libruby1.8: CGI::Session creates files insecurely
Date: Thu, 22 Jul 2004 14:54:31 -0700
On Thu, Jul 22, 2004 at 05:37:55PM -0400, Andres Salomon wrote:

> On Thu, 2004-07-22 at 08:57 -0700, Matt Zimmerman wrote:
> > On Thu, Jul 22, 2004 at 03:14:19AM -0400, Andres Salomon wrote:
> > 
> [...]
> > > 0644.  This is quite bad; an unsuspecting user might be storing
> > > sensitive information in session variables, assuming that the class
> > > stores data securely.
> > 
> > I assume 1.8.1-9 in stable has the same problem?
> > 
> 
> You mean the ruby packages in stable (1.6.7-3)?  The behavior in Woody
> is the same.

Right, I read the display crooked. :-)

Please keep the security team in the loop.

-- 
 - mdz



Noted your statement that Bug has been forwarded to matz@ruby-lang.org. Request was from akira yamada <akira@debian.org> to control@bugs.debian.org. Full text and rfc822 format available.

Reply sent to akira yamada <akira@debian.org>:
You have taken responsibility. Full text and rfc822 format available.

Notification sent to Andres Salomon <dilinger@voxel.net>:
Bug acknowledged by developer. Full text and rfc822 format available.

Message #27 received at 260779-close@bugs.debian.org (full text, mbox):

From: akira yamada <akira@debian.org>
To: 260779-close@bugs.debian.org
Subject: Bug#260779: fixed in ruby1.8 1.8.1+1.8.2pre1-4
Date: Thu, 22 Jul 2004 20:47:07 -0400
Source: ruby1.8
Source-Version: 1.8.1+1.8.2pre1-4

We believe that the bug you reported is fixed in the latest version of
ruby1.8, which is due to be installed in the Debian FTP archive:

irb1.8_1.8.1+1.8.2pre1-4_all.deb
  to pool/main/r/ruby1.8/irb1.8_1.8.1+1.8.2pre1-4_all.deb
libbigdecimal-ruby1.8_1.8.1+1.8.2pre1-4_i386.deb
  to pool/main/r/ruby1.8/libbigdecimal-ruby1.8_1.8.1+1.8.2pre1-4_i386.deb
libcurses-ruby1.8_1.8.1+1.8.2pre1-4_i386.deb
  to pool/main/r/ruby1.8/libcurses-ruby1.8_1.8.1+1.8.2pre1-4_i386.deb
libdbm-ruby1.8_1.8.1+1.8.2pre1-4_i386.deb
  to pool/main/r/ruby1.8/libdbm-ruby1.8_1.8.1+1.8.2pre1-4_i386.deb
libdl-ruby1.8_1.8.1+1.8.2pre1-4_i386.deb
  to pool/main/r/ruby1.8/libdl-ruby1.8_1.8.1+1.8.2pre1-4_i386.deb
libdrb-ruby1.8_1.8.1+1.8.2pre1-4_all.deb
  to pool/main/r/ruby1.8/libdrb-ruby1.8_1.8.1+1.8.2pre1-4_all.deb
liberb-ruby1.8_1.8.1+1.8.2pre1-4_all.deb
  to pool/main/r/ruby1.8/liberb-ruby1.8_1.8.1+1.8.2pre1-4_all.deb
libgdbm-ruby1.8_1.8.1+1.8.2pre1-4_i386.deb
  to pool/main/r/ruby1.8/libgdbm-ruby1.8_1.8.1+1.8.2pre1-4_i386.deb
libiconv-ruby1.8_1.8.1+1.8.2pre1-4_i386.deb
  to pool/main/r/ruby1.8/libiconv-ruby1.8_1.8.1+1.8.2pre1-4_i386.deb
libopenssl-ruby1.8_1.8.1+1.8.2pre1-4_i386.deb
  to pool/main/r/ruby1.8/libopenssl-ruby1.8_1.8.1+1.8.2pre1-4_i386.deb
libpty-ruby1.8_1.8.1+1.8.2pre1-4_i386.deb
  to pool/main/r/ruby1.8/libpty-ruby1.8_1.8.1+1.8.2pre1-4_i386.deb
libracc-runtime-ruby1.8_1.8.1+1.8.2pre1-4_i386.deb
  to pool/main/r/ruby1.8/libracc-runtime-ruby1.8_1.8.1+1.8.2pre1-4_i386.deb
libreadline-ruby1.8_1.8.1+1.8.2pre1-4_i386.deb
  to pool/main/r/ruby1.8/libreadline-ruby1.8_1.8.1+1.8.2pre1-4_i386.deb
librexml-ruby1.8_1.8.1+1.8.2pre1-4_all.deb
  to pool/main/r/ruby1.8/librexml-ruby1.8_1.8.1+1.8.2pre1-4_all.deb
libruby1.8-dbg_1.8.1+1.8.2pre1-4_i386.deb
  to pool/main/r/ruby1.8/libruby1.8-dbg_1.8.1+1.8.2pre1-4_i386.deb
libruby1.8_1.8.1+1.8.2pre1-4_i386.deb
  to pool/main/r/ruby1.8/libruby1.8_1.8.1+1.8.2pre1-4_i386.deb
libsdbm-ruby1.8_1.8.1+1.8.2pre1-4_i386.deb
  to pool/main/r/ruby1.8/libsdbm-ruby1.8_1.8.1+1.8.2pre1-4_i386.deb
libsoap-ruby1.8_1.8.1+1.8.2pre1-4_all.deb
  to pool/main/r/ruby1.8/libsoap-ruby1.8_1.8.1+1.8.2pre1-4_all.deb
libstrscan-ruby1.8_1.8.1+1.8.2pre1-4_i386.deb
  to pool/main/r/ruby1.8/libstrscan-ruby1.8_1.8.1+1.8.2pre1-4_i386.deb
libsyslog-ruby1.8_1.8.1+1.8.2pre1-4_i386.deb
  to pool/main/r/ruby1.8/libsyslog-ruby1.8_1.8.1+1.8.2pre1-4_i386.deb
libtcltk-ruby1.8_1.8.1+1.8.2pre1-4_i386.deb
  to pool/main/r/ruby1.8/libtcltk-ruby1.8_1.8.1+1.8.2pre1-4_i386.deb
libtest-unit-ruby1.8_1.8.1+1.8.2pre1-4_all.deb
  to pool/main/r/ruby1.8/libtest-unit-ruby1.8_1.8.1+1.8.2pre1-4_all.deb
libtk-ruby1.8_1.8.1+1.8.2pre1-4_i386.deb
  to pool/main/r/ruby1.8/libtk-ruby1.8_1.8.1+1.8.2pre1-4_i386.deb
libwebrick-ruby1.8_1.8.1+1.8.2pre1-4_all.deb
  to pool/main/r/ruby1.8/libwebrick-ruby1.8_1.8.1+1.8.2pre1-4_all.deb
libxmlrpc-ruby1.8_1.8.1+1.8.2pre1-4_all.deb
  to pool/main/r/ruby1.8/libxmlrpc-ruby1.8_1.8.1+1.8.2pre1-4_all.deb
libyaml-ruby1.8_1.8.1+1.8.2pre1-4_i386.deb
  to pool/main/r/ruby1.8/libyaml-ruby1.8_1.8.1+1.8.2pre1-4_i386.deb
libzlib-ruby1.8_1.8.1+1.8.2pre1-4_i386.deb
  to pool/main/r/ruby1.8/libzlib-ruby1.8_1.8.1+1.8.2pre1-4_i386.deb
rdoc1.8_1.8.1+1.8.2pre1-4_all.deb
  to pool/main/r/ruby1.8/rdoc1.8_1.8.1+1.8.2pre1-4_all.deb
ri1.8_1.8.1+1.8.2pre1-4_all.deb
  to pool/main/r/ruby1.8/ri1.8_1.8.1+1.8.2pre1-4_all.deb
ruby1.8-dev_1.8.1+1.8.2pre1-4_i386.deb
  to pool/main/r/ruby1.8/ruby1.8-dev_1.8.1+1.8.2pre1-4_i386.deb
ruby1.8-elisp_1.8.1+1.8.2pre1-4_all.deb
  to pool/main/r/ruby1.8/ruby1.8-elisp_1.8.1+1.8.2pre1-4_all.deb
ruby1.8-examples_1.8.1+1.8.2pre1-4_all.deb
  to pool/main/r/ruby1.8/ruby1.8-examples_1.8.1+1.8.2pre1-4_all.deb
ruby1.8_1.8.1+1.8.2pre1-4.diff.gz
  to pool/main/r/ruby1.8/ruby1.8_1.8.1+1.8.2pre1-4.diff.gz
ruby1.8_1.8.1+1.8.2pre1-4.dsc
  to pool/main/r/ruby1.8/ruby1.8_1.8.1+1.8.2pre1-4.dsc
ruby1.8_1.8.1+1.8.2pre1-4_i386.deb
  to pool/main/r/ruby1.8/ruby1.8_1.8.1+1.8.2pre1-4_i386.deb



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 260779@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
akira yamada <akira@debian.org> (supplier of updated ruby1.8 package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.7
Date: Fri, 23 Jul 2004 07:03:16 +0900
Source: ruby1.8
Binary: libsoap-ruby1.8 libyaml-ruby1.8 rdoc1.8 libdbm-ruby1.8 ri1.8 librexml-ruby1.8 ruby1.8-dev ruby1.8-elisp libdrb-ruby1.8 libreadline-ruby1.8 ruby1.8 libsyslog-ruby1.8 libruby1.8-dbg libtcltk-ruby1.8 libtk-ruby1.8 ruby1.8-examples libxmlrpc-ruby1.8 libracc-runtime-ruby1.8 libzlib-ruby1.8 libsdbm-ruby1.8 libiconv-ruby1.8 libstrscan-ruby1.8 libpty-ruby1.8 libcurses-ruby1.8 libgdbm-ruby1.8 libwebrick-ruby1.8 libtest-unit-ruby1.8 irb1.8 libdl-ruby1.8 liberb-ruby1.8 libopenssl-ruby1.8 libruby1.8 libbigdecimal-ruby1.8
Architecture: source i386 all
Version: 1.8.1+1.8.2pre1-4
Distribution: unstable
Urgency: high
Maintainer: akira yamada <akira@debian.org>
Changed-By: akira yamada <akira@debian.org>
Description: 
 irb1.8     - Interactive Ruby (for Ruby 1.8)
 libbigdecimal-ruby1.8 - Variable precision floating library for Ruby 1.8
 libcurses-ruby1.8 - Curses interface for Ruby 1.8
 libdbm-ruby1.8 - DBM interface for Ruby 1.8
 libdl-ruby1.8 - Extension library to use dynamic linker from Ruby 1.8
 libdrb-ruby1.8 - Distributed Ruby (for Ruby 1.8)
 liberb-ruby1.8 - Tiny eRuby (for Ruby 1.8)
 libgdbm-ruby1.8 - GDBM interface for Ruby 1.8
 libiconv-ruby1.8 - A Wrapper class of iconv for the Ruby 1.8
 libopenssl-ruby1.8 - OpenSSL interface for Ruby 1.8
 libpty-ruby1.8 - pseudo tty interface for Ruby 1.8
 libracc-runtime-ruby1.8 - Runtime library for parser which is generated by Racc (Ruby 1.8)
 libreadline-ruby1.8 - Readline interface for Ruby 1.8
 librexml-ruby1.8 - pure Ruby non-validating XML parser supporting Namespaces, XPath
 libruby1.8 - Libraries necessary to run the Ruby 1.8
 libruby1.8-dbg - Debugging libraries for Ruby 1.8
 libsdbm-ruby1.8 - SDBM interface for Ruby 1.8
 libsoap-ruby1.8 - Ruby's SOAP implementation for Ruby 1.8
 libstrscan-ruby1.8 - Fast string scanning library for Ruby 1.8
 libsyslog-ruby1.8 - UNIX syslog(3) interface for Ruby 1.8
 libtcltk-ruby1.8 - Tcl/Tk interface for Ruby 1.8
 libtest-unit-ruby1.8 - unit-testing framework for Ruby 1.8
 libtk-ruby1.8 - Tk interface for Ruby 1.8
 libwebrick-ruby1.8 - Simple HTTP Server Toolkit for Ruby 1.8
 libxmlrpc-ruby1.8 - XML-RPC support for Ruby 1.8
 libyaml-ruby1.8 - YAML for Ruby 1.8
 libzlib-ruby1.8 - Extension library to use zlib from Ruby 1.8
 rdoc1.8    - Generate documentation from Ruby source files (for Ruby 1.8)
 ri1.8      - Ruby Interactive reference (for Ruby 1.8)
 ruby1.8    - Interpreter of object-oriented scripting language Ruby 1.8
 ruby1.8-dev - Header files for compiling extension modules for the Ruby 1.8
 ruby1.8-elisp - ruby-mode for Emacsen
 ruby1.8-examples - Examples for Ruby 1.8
Closes: 260779
Changes: 
 ruby1.8 (1.8.1+1.8.2pre1-4) unstable; urgency=high
 .
   * akira yamada <akira@debian.org>
   - (urgency high) updated debian/patches/800_sleep.patch:
       - previous patch is incomplete, sleep() is still broken.
   - (urgency high) added debian/patches/811_cgi_session.patch:
       - sets the permission of the session data file to 0600.  [ruby-dev:23952]
         (closes: #260779)
Files: 
 b6e760384a701d11468343e6554da8e4 1390 interpreters optional ruby1.8_1.8.1+1.8.2pre1-4.dsc
 2f6c49aa568f8e7488e3df82337ea0b8 35951 interpreters optional ruby1.8_1.8.1+1.8.2pre1-4.diff.gz
 243ce5b609450e674e95b7dd8459ace7 105038 interpreters optional ruby1.8_1.8.1+1.8.2pre1-4_i386.deb
 38889480ae702639dfa2618446a41cd1 776080 libs optional libruby1.8_1.8.1+1.8.2pre1-4_i386.deb
 200908bf734cb5ba2d0ee3b49ab09b4a 705276 libdevel extra libruby1.8-dbg_1.8.1+1.8.2pre1-4_i386.deb
 3fb81ba91811475c3f8db9cba57be854 569048 devel optional ruby1.8-dev_1.8.1+1.8.2pre1-4_i386.deb
 d14b33ad8951593479b243a64ad88ab3 97512 interpreters optional libcurses-ruby1.8_1.8.1+1.8.2pre1-4_i386.deb
 55da74ae9c2cb2d93435a956b8c04377 91292 interpreters optional libdbm-ruby1.8_1.8.1+1.8.2pre1-4_i386.deb
 c791e996c638e8c60bdf8d6075be6771 92490 interpreters optional libgdbm-ruby1.8_1.8.1+1.8.2pre1-4_i386.deb
 5a512c3065e4da507925dba475513c44 90150 interpreters optional libpty-ruby1.8_1.8.1+1.8.2pre1-4_i386.deb
 f8e89384bef6c43cee1b7f1b68344003 88174 interpreters optional libreadline-ruby1.8_1.8.1+1.8.2pre1-4_i386.deb
 d273a2d0eea7e78f7c6e1e9fc71fad2c 94314 interpreters optional libsdbm-ruby1.8_1.8.1+1.8.2pre1-4_i386.deb
 0c2d9ef30efa03c85d1537f3e4618ef8 138580 interpreters optional libtcltk-ruby1.8_1.8.1+1.8.2pre1-4_i386.deb
 fca91e77a9dbd2768464f143daa5a530 1078426 interpreters optional libtk-ruby1.8_1.8.1+1.8.2pre1-4_i386.deb
 096065b9dc74be38d918350b42d1c51c 87656 interpreters optional libsyslog-ruby1.8_1.8.1+1.8.2pre1-4_i386.deb
 4b09e15cc08b60a209bc1cfa855d2f79 86918 interpreters optional libiconv-ruby1.8_1.8.1+1.8.2pre1-4_i386.deb
 604ddd007ccc35e40e6ea15840fedb4a 89674 interpreters optional libracc-runtime-ruby1.8_1.8.1+1.8.2pre1-4_i386.deb
 669850baa128b8de10fc4e70f34a687f 87250 interpreters optional libstrscan-ruby1.8_1.8.1+1.8.2pre1-4_i386.deb
 0205f28e2700bcda04fc7e6da441ca5c 122172 interpreters optional libdl-ruby1.8_1.8.1+1.8.2pre1-4_i386.deb
 b2d6a20fe0fbe7ce7dde76b2db25f06b 102496 interpreters optional libzlib-ruby1.8_1.8.1+1.8.2pre1-4_i386.deb
 fbd00087b2219763c1aadff631e0e8b5 125396 interpreters optional libbigdecimal-ruby1.8_1.8.1+1.8.2pre1-4_i386.deb
 9b81e8d90654779014e804c2daa6913b 132594 interpreters optional libyaml-ruby1.8_1.8.1+1.8.2pre1-4_i386.deb
 939dea2142f418fd0265f0a6af9ab296 178406 interpreters optional libopenssl-ruby1.8_1.8.1+1.8.2pre1-4_i386.deb
 654af2a0a5991080812ad102f94c1880 108130 interpreters optional libtest-unit-ruby1.8_1.8.1+1.8.2pre1-4_all.deb
 81d3428c8dacbb20c2bd36249699f056 85436 interpreters optional liberb-ruby1.8_1.8.1+1.8.2pre1-4_all.deb
 65d95950d84467233366e7bab89d180b 142250 interpreters optional librexml-ruby1.8_1.8.1+1.8.2pre1-4_all.deb
 51830c691c0d5161ec660dd5ded24a49 105090 interpreters optional libdrb-ruby1.8_1.8.1+1.8.2pre1-4_all.deb
 abcdf40cde48ccad369e16e3778f12de 103250 interpreters optional libxmlrpc-ruby1.8_1.8.1+1.8.2pre1-4_all.deb
 7e56913a963d4191545fd9c3c62002c5 112268 interpreters optional libwebrick-ruby1.8_1.8.1+1.8.2pre1-4_all.deb
 51627badf5343c6e31284c424e280ddc 185214 web optional libsoap-ruby1.8_1.8.1+1.8.2pre1-4_all.deb
 56c9ff2108f795338d0f90473c23d956 109292 interpreters optional ruby1.8-examples_1.8.1+1.8.2pre1-4_all.deb
 55ce5a27acf654a76d6b309b06cb9f97 99032 interpreters optional ruby1.8-elisp_1.8.1+1.8.2pre1-4_all.deb
 0fb5dd8120789684abad2ac5aca9264f 383664 interpreters optional ri1.8_1.8.1+1.8.2pre1-4_all.deb
 88f42d1937a403edf0a0bbec069d16f6 186302 doc optional rdoc1.8_1.8.1+1.8.2pre1-4_all.deb
 9b8a363005e24a64dc31e1a4e644fda0 122726 interpreters optional irb1.8_1.8.1+1.8.2pre1-4_all.deb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (GNU/Linux)

iD8DBQFBAFsVXzkxpuIT8aARAjmvAJ9TqLSEjw0z3prFgw8/Tn9lSlrbAwCff/HR
kcRL3+wDNcBiTgURi2UjRCM=
=WimA
-----END PGP SIGNATURE-----




Information forwarded to debian-bugs-dist@lists.debian.org, akira yamada <akira@debian.org>:
Bug#260779; Package libruby1.8. Full text and rfc822 format available.

Acknowledgement sent to Andres Salomon <dilinger@voxel.net>:
Extra info received and forwarded to list. Copy sent to akira yamada <akira@debian.org>. Full text and rfc822 format available.

Message #32 received at 260779@bugs.debian.org (full text, mbox):

From: Andres Salomon <dilinger@voxel.net>
To: 260779@bugs.debian.org
Subject: open in sarge/woody
Date: Fri, 23 Jul 2004 16:59:49 -0400
[Message part 1 (text/plain, inline)]
reopen 260779
tags 260779 + woody sarge
thanks

Thanks for the fast fix for sid.  Unfortunately, this bug is also in
woody and sarge.  For woody, a proper security update should be done.
For sarge.. well, hopefully ruby1.8 will make it in there quickly.  This
bug should be kept around until it does, so that sarge isn't releasing
w/ this problem.


-- 
Andres Salomon <dilinger@voxel.net>
[signature.asc (application/pgp-signature, inline)]

Bug reopened, originator not changed. Request was from Andres Salomon <dilinger@voxel.net> to control@bugs.debian.org. Full text and rfc822 format available.

Tags added: woody, sarge Request was from Andres Salomon <dilinger@voxel.net> to control@bugs.debian.org. Full text and rfc822 format available.

Tags removed: sarge Request was from Frank Lichtenheld <djpig@debian.org> to control@bugs.debian.org. Full text and rfc822 format available.

Reply sent to akira yamada <akira@debian.org>:
You have taken responsibility. Full text and rfc822 format available.

Notification sent to Andres Salomon <dilinger@voxel.net>:
Bug acknowledged by developer. Full text and rfc822 format available.

Message #43 received at 260779-close@bugs.debian.org (full text, mbox):

From: akira yamada <akira@debian.org>
To: Andres Salomon <dilinger@voxel.net>, 260779-close@bugs.debian.org
Cc: akira@debian.org
Subject: Re: Bug#260779: open in sarge/woody
Date: Thu, 19 Aug 2004 12:27:25 +0900
> Thanks for the fast fix for sid.  Unfortunately, this bug is also in
> woody and sarge.  For woody, a proper security update should be done.
> For sarge.. well, hopefully ruby1.8 will make it in there quickly.  This
> bug should be kept around until it does, so that sarge isn't releasing
> w/ this problem.

DSA-537-1 was published.
-- 
akira yamada  <URL:http://arika.org>




Send a report that this bug log contains spam.


Debian bug tracking system administrator <owner@bugs.debian.org>. Last modified: Wed Apr 16 14:12:54 2014; Machine Name: beach.debian.org

Debian Bug tracking system
Copyright (C) 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson.