Debian Bug report logs - #730189
ruby1.8: CVE-2013-4164: Heap Overflow in Floating Point Parsing

version graph

Package: src:ruby1.8; Maintainer for src:ruby1.8 is akira yamada <akira@debian.org>;

Reported by: Christos Trochalakis <yatiohi@ideopolis.gr>

Date: Fri, 22 Nov 2013 10:15:02 UTC

Severity: grave

Tags: patch, security

Fixed in versions ruby1.8/1.8.7.358-9, ruby1.8/1.8.7.358-7.1+deb7u1

Done: Antonio Terceiro <terceiro@debian.org>

Bug is archived. No further changes may be made.

Toggle useless messages

View this report as an mbox folder, status mbox, maintainer mbox


Report forwarded to debian-bugs-dist@lists.debian.org, team@security.debian.org, secure-testing-team@lists.alioth.debian.org, Antonio Terceiro <terceiro@debian.org>:
Bug#730178; Package ruby1.9.1. (Fri, 22 Nov 2013 10:15:06 GMT) Full text and rfc822 format available.

Acknowledgement sent to Christos Trochalakis <yatiohi@ideopolis.gr>:
New Bug report received and forwarded. Copy sent to team@security.debian.org, secure-testing-team@lists.alioth.debian.org, Antonio Terceiro <terceiro@debian.org>. (Fri, 22 Nov 2013 10:15:07 GMT) Full text and rfc822 format available.

Message #5 received at submit@bugs.debian.org (full text, mbox):

From: Christos Trochalakis <yatiohi@ideopolis.gr>
To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: ruby1.9.1: CVE-2013-4164 Heap Overflow in Floating Point Parsing
Date: Fri, 22 Nov 2013 12:04:54 +0200
Package: ruby1.9.1
Severity: grave
Tags: security

Hi,

The follow vulnerability was published for ruby:

CVE-2013-4164: Heap Overflow in Floating Point Parsing
https://www.ruby-lang.org/en/news/2013/11/22/heap-overflow-in-floating-point-parsing-cve-2013-4164/




Marked as found in versions ruby1.9.1/1.9.3.194-8.1+deb7u1. Request was from Christos Trochalakis <yatiohi@ideopolis.gr> to control@bugs.debian.org. (Fri, 22 Nov 2013 10:33:19 GMT) Full text and rfc822 format available.

Marked as found in versions ruby1.9.1/1.9.3.448-1. Request was from Christos Trochalakis <yatiohi@ideopolis.gr> to control@bugs.debian.org. (Fri, 22 Nov 2013 10:33:20 GMT) Full text and rfc822 format available.

Bug 730178 cloned as bugs 730189, 730190 Request was from Salvatore Bonaccorso <carnil@debian.org> to control@bugs.debian.org. (Fri, 22 Nov 2013 13:36:04 GMT) Full text and rfc822 format available.

Bug reassigned from package 'ruby1.9.1' to 'src:ruby1.8'. Request was from Salvatore Bonaccorso <carnil@debian.org> to control@bugs.debian.org. (Fri, 22 Nov 2013 13:36:05 GMT) Full text and rfc822 format available.

No longer marked as found in versions ruby1.9.1/1.9.3.194-8.1+deb7u1 and ruby1.9.1/1.9.3.448-1. Request was from Salvatore Bonaccorso <carnil@debian.org> to control@bugs.debian.org. (Fri, 22 Nov 2013 13:36:06 GMT) Full text and rfc822 format available.

Changed Bug title to 'ruby1.8: CVE-2013-4164: Heap Overflow in Floating Point Parsing' from 'ruby1.9.1: CVE-2013-4164 Heap Overflow in Floating Point Parsing' Request was from Salvatore Bonaccorso <carnil@debian.org> to control@bugs.debian.org. (Fri, 22 Nov 2013 14:30:07 GMT) Full text and rfc822 format available.

Information forwarded to debian-bugs-dist@lists.debian.org, akira yamada <akira@debian.org>:
Bug#730189; Package src:ruby1.8. (Mon, 25 Nov 2013 16:57:08 GMT) Full text and rfc822 format available.

Acknowledgement sent to Moritz Muehlenhoff <jmm@inutil.org>:
Extra info received and forwarded to list. Copy sent to akira yamada <akira@debian.org>. (Mon, 25 Nov 2013 16:57:08 GMT) Full text and rfc822 format available.

Message #22 received at 730189@bugs.debian.org (full text, mbox):

From: Moritz Muehlenhoff <jmm@inutil.org>
To: Christos Trochalakis <yatiohi@ideopolis.gr>
Cc: 730189@bugs.debian.org
Subject: Re: ruby1.9.1: CVE-2013-4164 Heap Overflow in Floating Point Parsing
Date: Mon, 25 Nov 2013 17:46:54 +0100
[Message part 1 (text/plain, inline)]
On Fri, Nov 22, 2013 at 12:04:54PM +0200, Christos Trochalakis wrote:
> Package: ruby1.9.1
> Severity: grave
> Tags: security
>
> Hi,
>
> The follow vulnerability was published for ruby:
>
> CVE-2013-4164: Heap Overflow in Floating Point Parsing
> https://www.ruby-lang.org/en/news/2013/11/22/heap-overflow-in-floating-point-parsing-cve-2013-4164/

Patches for oldstable/stable attached. I don't use Ruby, these need review and testing in
live setups.

Cheers,
        Moritz
[CVE-2013-4164_CVE-2013-1821_CVE-2013-4073-squeeze.patch (text/x-diff, attachment)]
[CVE-2013-4164_CVE-2013-4073-wheezy.patch (text/x-diff, attachment)]

Information forwarded to debian-bugs-dist@lists.debian.org, akira yamada <akira@debian.org>:
Bug#730189; Package src:ruby1.8. (Thu, 28 Nov 2013 11:48:14 GMT) Full text and rfc822 format available.

Acknowledgement sent to Steve Kemp <steve@steve.org.uk>:
Extra info received and forwarded to list. Copy sent to akira yamada <akira@debian.org>. (Thu, 28 Nov 2013 11:48:14 GMT) Full text and rfc822 format available.

Message #27 received at 730189@bugs.debian.org (full text, mbox):

From: Steve Kemp <steve@steve.org.uk>
To: 730189@bugs.debian.org
Subject: Re: ruby1.8: CVE-2013-4164
Date: Thu, 28 Nov 2013 11:09:43 +0000
[Message part 1 (text/plain, inline)]
  The patches seem to work successfully for me:

  * The test-suite that runs at compile-time still passes.
 
  * The reproducer stops segfaulting.

  The reproducer I'm using is:

--
#!/usr/bin/ruby1.8
require 'json'
JSON.parse("[1."+"1"*300000+"]")
--

Steve
-- 
http://www.steve.org.uk/

Information forwarded to debian-bugs-dist@lists.debian.org, akira yamada <akira@debian.org>:
Bug#730189; Package src:ruby1.8. (Fri, 29 Nov 2013 09:03:10 GMT) Full text and rfc822 format available.

Acknowledgement sent to Raphael Hertzog <hertzog@debian.org>:
Extra info received and forwarded to list. Copy sent to akira yamada <akira@debian.org>. (Fri, 29 Nov 2013 09:03:10 GMT) Full text and rfc822 format available.

Message #32 received at 730189@bugs.debian.org (full text, mbox):

From: Raphael Hertzog <hertzog@debian.org>
To: 730178@bugs.debian.org, 730189@bugs.debian.org
Cc: team@security.debian.org
Subject: Updates prepared in Git repository
Date: Fri, 29 Nov 2013 10:01:35 +0100
[Message part 1 (text/plain, inline)]
Control: tag -1 + patch pending

Hello,

I took the liberty to help prepare the relevant uploads in the
wheezy branch of the collab-maint git repositories:

For ruby1.8:
http://anonscm.debian.org/gitweb/?p=collab-maint/ruby1.8.git;a=shortlog;h=refs/heads/wheezy

For ruby1.9.1:
http://anonscm.debian.org/gitweb/?p=collab-maint/ruby1.9.1.git;a=shortlog;h=refs/heads/wheezy

Dear security team, please find attached the diff compared to the respective
versions in stable(-security). Is it OK to upload them ?

Dear maintainers, please test those updates (they build fine on
wheezy/amd64, I checked this) and upload them if you're happy with them.
Thank you in advance.

Note that for ruby1.8, I prepared the update on top of 1.8.7.358-7.1 which
was not in stable but it's a security fix only upload that went to
unstable and that should have gone to stable as well. The version is
smaller than the current version in unstable so we're fine.

Regards,

PS: I didn't took care of oldstable. Someone should handle that.
-- 
Raphaël Hertzog ◈ Debian Developer

Discover the Debian Administrator's Handbook:
→ http://debian-handbook.info/get/
[ruby-1.8.7.358-7.1+deb7u1.patch (text/x-diff, attachment)]
[ruby-1.9.3.194-8.1+deb7u2.patch (text/x-diff, attachment)]

Added tag(s) pending and patch. Request was from Raphael Hertzog <hertzog@debian.org> to 730189-submit@bugs.debian.org. (Fri, 29 Nov 2013 09:03:10 GMT) Full text and rfc822 format available.

Information forwarded to debian-bugs-dist@lists.debian.org, akira yamada <akira@debian.org>:
Bug#730189; Package src:ruby1.8. (Fri, 29 Nov 2013 12:00:07 GMT) Full text and rfc822 format available.

Acknowledgement sent to "Thijs Kinkhorst" <thijs@debian.org>:
Extra info received and forwarded to list. Copy sent to akira yamada <akira@debian.org>. (Fri, 29 Nov 2013 12:00:07 GMT) Full text and rfc822 format available.

Message #39 received at 730189@bugs.debian.org (full text, mbox):

From: "Thijs Kinkhorst" <thijs@debian.org>
To: "Raphael Hertzog" <hertzog@debian.org>
Cc: 730178@bugs.debian.org, 730189@bugs.debian.org, team@security.debian.org
Subject: Re: Updates prepared in Git repository
Date: Fri, 29 Nov 2013 12:57:02 +0100
On Fri, November 29, 2013 10:01, Raphael Hertzog wrote:
> Dear security team, please find attached the diff compared to the
> respective
> versions in stable(-security). Is it OK to upload them ?

Yes, this is OK (ruby1.8 needs to be built with -sa, ruby1.9.1 without).
Thank you for your work on this.

> PS: I didn't took care of oldstable. Someone should handle that.

Obviously we prefer to release updates for all suites at the same time.
Are the versions in squeeze so much different that it would be a lot of
work to also apply the patches there?


Cheers,
Thijs



Information forwarded to debian-bugs-dist@lists.debian.org, akira yamada <akira@debian.org>:
Bug#730189; Package src:ruby1.8. (Fri, 29 Nov 2013 13:18:11 GMT) Full text and rfc822 format available.

Acknowledgement sent to Raphael Hertzog <hertzog@debian.org>:
Extra info received and forwarded to list. Copy sent to akira yamada <akira@debian.org>. (Fri, 29 Nov 2013 13:18:11 GMT) Full text and rfc822 format available.

Message #44 received at 730189@bugs.debian.org (full text, mbox):

From: Raphael Hertzog <hertzog@debian.org>
To: Thijs Kinkhorst <thijs@debian.org>
Cc: 730178@bugs.debian.org, 730189@bugs.debian.org, team@security.debian.org
Subject: Re: Updates prepared in Git repository
Date: Fri, 29 Nov 2013 14:15:07 +0100
[Message part 1 (text/plain, inline)]
On Fri, 29 Nov 2013, Thijs Kinkhorst wrote:
> > PS: I didn't took care of oldstable. Someone should handle that.
> 
> Obviously we prefer to release updates for all suites at the same time.
> Are the versions in squeeze so much different that it would be a lot of
> work to also apply the patches there?

Probably not, in fact Moritz already provided a patch for ruby1.8/squeeze.
I just took care to prepare the corresponding updates too (see debdiff
attached for 1.8.7.302-2squeeze2 and 1.9.2.0-2+deb6u2). Again they do
build but they are untested. Dear maintainers, please test and upload.

Cheers,
-- 
Raphaël Hertzog ◈ Debian Developer

Discover the Debian Administrator's Handbook:
→ http://debian-handbook.info/get/
[ruby-1.8.7.302-2squeeze2.patch (text/x-diff, attachment)]
[ruby-1.9.2.0-2+deb6u2.patch (text/x-diff, attachment)]

Information forwarded to debian-bugs-dist@lists.debian.org, akira yamada <akira@debian.org>:
Bug#730189; Package src:ruby1.8. (Fri, 29 Nov 2013 14:57:07 GMT) Full text and rfc822 format available.

Acknowledgement sent to Antonio Terceiro <terceiro@debian.org>:
Extra info received and forwarded to list. Copy sent to akira yamada <akira@debian.org>. (Fri, 29 Nov 2013 14:57:07 GMT) Full text and rfc822 format available.

Message #49 received at 730189@bugs.debian.org (full text, mbox):

From: Antonio Terceiro <terceiro@debian.org>
To: Thijs Kinkhorst <thijs@debian.org>, 730178@bugs.debian.org
Cc: Raphael Hertzog <hertzog@debian.org>, 730189@bugs.debian.org, team@security.debian.org
Subject: Re: Bug#730178: Updates prepared in Git repository
Date: Fri, 29 Nov 2013 11:55:28 -0300
[Message part 1 (text/plain, inline)]
On Fri, Nov 29, 2013 at 12:57:02PM +0100, Thijs Kinkhorst wrote:
> On Fri, November 29, 2013 10:01, Raphael Hertzog wrote:
> > Dear security team, please find attached the diff compared to the
> > respective
> > versions in stable(-security). Is it OK to upload them ?
> 
> Yes, this is OK (ruby1.8 needs to be built with -sa, ruby1.9.1 without).
> Thank you for your work on this.
> 
> > PS: I didn't took care of oldstable. Someone should handle that.
> 
> Obviously we prefer to release updates for all suites at the same time.
> Are the versions in squeeze so much different that it would be a lot of
> work to also apply the patches there?

I am working on having fixed for all suites, and I should be able to
finish it during the weekend.

I had already send debdiff's to team@security.debian.org early in the
week but forgot to push them to the git repository, and to mention that
in the bug logs. Raphael, thanks for your help anyway.

-- 
Antonio Terceiro <terceiro@debian.org>
[signature.asc (application/pgp-signature, inline)]

Information forwarded to debian-bugs-dist@lists.debian.org, akira yamada <akira@debian.org>:
Bug#730189; Package src:ruby1.8. (Mon, 02 Dec 2013 11:54:08 GMT) Full text and rfc822 format available.

Acknowledgement sent to Antonio Terceiro <terceiro@debian.org>:
Extra info received and forwarded to list. Copy sent to akira yamada <akira@debian.org>. (Mon, 02 Dec 2013 11:54:08 GMT) Full text and rfc822 format available.

Message #54 received at 730189@bugs.debian.org (full text, mbox):

From: Antonio Terceiro <terceiro@debian.org>
To: Thijs Kinkhorst <thijs@debian.org>, 730178@bugs.debian.org
Cc: Raphael Hertzog <hertzog@debian.org>, 730189@bugs.debian.org, team@security.debian.org
Subject: Re: Bug#730178: Updates prepared in Git repository
Date: Mon, 2 Dec 2013 08:50:46 -0300
[Message part 1 (text/plain, inline)]
On Fri, Nov 29, 2013 at 11:55:28AM -0300, Antonio Terceiro wrote:
> I am working on having fixed for all suites, and I should be able to
> finish it during the weekend.
> 
> I had already send debdiff's to team@security.debian.org early in the
> week but forgot to push them to the git repository, and to mention that
> in the bug logs. Raphael, thanks for your help anyway.

I have uploaded fixed packages to stable-security and
oldstable-security, final diffs are atttached. Raphael, thanks for your
help.

I have also uploaded fixed packages for unstable. Their version numbers:

ruby1.8   1.8.7.358-9
ruby1.9.1 1.9.3.484-1
ruby2.0   2.0.0.353-1

-- 
Antonio Terceiro <terceiro@debian.org>
[ruby1.8-squeeze.diff (text/x-diff, attachment)]
[ruby1.8-wheezy.diff (text/x-diff, attachment)]
[ruby1.9.1-squeeze.dsc (text/plain, attachment)]
[ruby1.9.1-wheezy.dsc (text/plain, attachment)]
[signature.asc (application/pgp-signature, inline)]

Marked as fixed in versions ruby1.8/1.8.7.358-9. Request was from Antonio Terceiro <terceiro@debian.org> to control@bugs.debian.org. (Mon, 02 Dec 2013 12:30:08 GMT) Full text and rfc822 format available.

Reply sent to Antonio Terceiro <terceiro@debian.org>:
You have taken responsibility. (Thu, 05 Dec 2013 22:21:09 GMT) Full text and rfc822 format available.

Notification sent to Christos Trochalakis <yatiohi@ideopolis.gr>:
Bug acknowledged by developer. (Thu, 05 Dec 2013 22:21:10 GMT) Full text and rfc822 format available.

Message #61 received at 730189-close@bugs.debian.org (full text, mbox):

From: Antonio Terceiro <terceiro@debian.org>
To: 730189-close@bugs.debian.org
Subject: Bug#730189: fixed in ruby1.8 1.8.7.358-7.1+deb7u1
Date: Thu, 05 Dec 2013 22:17:05 +0000
Source: ruby1.8
Source-Version: 1.8.7.358-7.1+deb7u1

We believe that the bug you reported is fixed in the latest version of
ruby1.8, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 730189@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Antonio Terceiro <terceiro@debian.org> (supplier of updated ruby1.8 package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Format: 1.8
Date: Sun, 01 Dec 2013 23:22:26 -0300
Source: ruby1.8
Binary: ruby1.8 libruby1.8 libruby1.8-dbg ruby1.8-dev libtcltk-ruby1.8 ruby1.8-examples ri1.8 ruby1.8-full
Architecture: source all amd64
Version: 1.8.7.358-7.1+deb7u1
Distribution: stable-security
Urgency: high
Maintainer: akira yamada <akira@debian.org>
Changed-By: Antonio Terceiro <terceiro@debian.org>
Description: 
 libruby1.8 - Libraries necessary to run Ruby 1.8
 libruby1.8-dbg - Debugging symbols for Ruby 1.8
 libtcltk-ruby1.8 - Tcl/Tk interface for Ruby 1.8
 ri1.8      - Ruby Interactive reference (for Ruby 1.8)
 ruby1.8    - Interpreter of object-oriented scripting language Ruby 1.8
 ruby1.8-dev - Header files for compiling extension modules for the Ruby 1.8
 ruby1.8-examples - Examples for Ruby 1.8
 ruby1.8-full - Ruby 1.8 full installation
Closes: 730189
Changes: 
 ruby1.8 (1.8.7.358-7.1+deb7u1) stable-security; urgency=high
 .
   [ Raphaël Hertzog ]
   * debian/patches/CVE-2013-4164.patch: New patch to fix
     heap overflow in floating point parsing (Closes: #730189)
     Thanks to Moritz Muehlenhoff for the patch.
 .
   [ Antonio Terceiro ]
   * debian/patches/CVE-2013-4073: fix regression that introduced syntax errors
     in test/openssl/test_ssl.rb, breaking the execution of the test suite
     during the package build.
Checksums-Sha1: 
 23d7d3c2542d59e4aa0332f02e81c8cc07b20525 2564 ruby1.8_1.8.7.358-7.1+deb7u1.dsc
 a20a66ec6d7d7ce13b621941a0e0c8c5240b584a 4895206 ruby1.8_1.8.7.358.orig.tar.gz
 2965675190008bb5d955d3e7b0bb37b31fb77e3d 61846 ruby1.8_1.8.7.358-7.1+deb7u1.debian.tar.gz
 95a31356dfec5e7b0ee9cbbade84ed5e4a45ed6f 345742 ruby1.8-examples_1.8.7.358-7.1+deb7u1_all.deb
 81f1340757f2187b476bdd7b89880bfeaedb8e8c 1431254 ri1.8_1.8.7.358-7.1+deb7u1_all.deb
 a8c6f49ae112d7f1ddaf3099469773a24f4bc51b 284206 ruby1.8-full_1.8.7.358-7.1+deb7u1_all.deb
 d573679d4cf6a760611cc4b7227faa99e8d169ad 320204 ruby1.8_1.8.7.358-7.1+deb7u1_amd64.deb
 af3bca32fb8a1338f0c4dec4a162e2d4c956b085 2090618 libruby1.8_1.8.7.358-7.1+deb7u1_amd64.deb
 2c4074731e15a0a15e189facccaedd0bc5fa126e 1739244 libruby1.8-dbg_1.8.7.358-7.1+deb7u1_amd64.deb
 261f619bd1e311b52bf16ca1561e24ad5bc02294 911304 ruby1.8-dev_1.8.7.358-7.1+deb7u1_amd64.deb
 be112ef162215918272ef3247b05760d0f57058f 2036944 libtcltk-ruby1.8_1.8.7.358-7.1+deb7u1_amd64.deb
Checksums-Sha256: 
 733b0090d29696dfacbaf356a7945c5066743bc9d4f1e97942bdba5fc0c02c50 2564 ruby1.8_1.8.7.358-7.1+deb7u1.dsc
 9e0856d58830e08f1e38233947d859898ae09d4780cb1a502108e41308de33cb 4895206 ruby1.8_1.8.7.358.orig.tar.gz
 64bfbc4e2eae0fdb8b443b75182154a93464a46aac87eeff2bb4512ccdb4d950 61846 ruby1.8_1.8.7.358-7.1+deb7u1.debian.tar.gz
 4a103dcfd911de600fb2947dc0aaa0b19693190e19ae972fea8ba83e13d55332 345742 ruby1.8-examples_1.8.7.358-7.1+deb7u1_all.deb
 f1ff80be4578738529f6799e084f7343ac6021dcba14b43d5e5ce879abea4752 1431254 ri1.8_1.8.7.358-7.1+deb7u1_all.deb
 8613afdf053ee8a3289644cde8fb4ed5941e60a1855876987b7391d5d5627e28 284206 ruby1.8-full_1.8.7.358-7.1+deb7u1_all.deb
 d771ec2e2d7df1ac49d55f573a3ad9f6ea8fa84865a98547f65e5d2a4a2e8dd0 320204 ruby1.8_1.8.7.358-7.1+deb7u1_amd64.deb
 61aedfa045792f97bd7be1da99d35423e11e99a0bab74c8e444aec4d672334b3 2090618 libruby1.8_1.8.7.358-7.1+deb7u1_amd64.deb
 6ead0704bf7bcda47d64376a92b4db62997090ff41fd88748995d02f76fdd59e 1739244 libruby1.8-dbg_1.8.7.358-7.1+deb7u1_amd64.deb
 8c3b7fde4980b96b9c8863ab9c6067f632a632ef058071a811f09bf2e53e5d79 911304 ruby1.8-dev_1.8.7.358-7.1+deb7u1_amd64.deb
 bb1632ac0db6dcb569949395017980725f2923fd981a115db5b085838610d7db 2036944 libtcltk-ruby1.8_1.8.7.358-7.1+deb7u1_amd64.deb
Files: 
 4943bae30140c29e187c728e3de54a99 2564 ruby optional ruby1.8_1.8.7.358-7.1+deb7u1.dsc
 26bd55358847459a7752acdbd33a535f 4895206 ruby optional ruby1.8_1.8.7.358.orig.tar.gz
 9681a062de235edfd0123161aeab9039 61846 ruby optional ruby1.8_1.8.7.358-7.1+deb7u1.debian.tar.gz
 b9dae85d68250e06bc30c0f8db5669aa 345742 ruby optional ruby1.8-examples_1.8.7.358-7.1+deb7u1_all.deb
 81b42c7c066ca23f28d96ca8a014ebde 1431254 ruby optional ri1.8_1.8.7.358-7.1+deb7u1_all.deb
 01d8dd40ad2b918ad7e20a340ddace01 284206 ruby optional ruby1.8-full_1.8.7.358-7.1+deb7u1_all.deb
 f899d4e01146dde59379eb0819bd9d4d 320204 ruby optional ruby1.8_1.8.7.358-7.1+deb7u1_amd64.deb
 ffb6964922972e9df4dd10f4b0a09f0e 2090618 libs optional libruby1.8_1.8.7.358-7.1+deb7u1_amd64.deb
 0593d222e4e35d17c82ba71938436558 1739244 debug extra libruby1.8-dbg_1.8.7.358-7.1+deb7u1_amd64.deb
 8db7dc07480662b634e16693cd1997bf 911304 ruby optional ruby1.8-dev_1.8.7.358-7.1+deb7u1_amd64.deb
 e699f03fdd6d623864eecb43a9a5c1ee 2036944 ruby optional libtcltk-ruby1.8_1.8.7.358-7.1+deb7u1_amd64.deb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.15 (GNU/Linux)

iQIcBAEBCAAGBQJSnFrrAAoJEPwNsbvNRgvecPIP/jrABqypwRgOQXCEdz9L736t
HFNsFpGIRTAW7gpjtzUpegA4tcLCs0JVwVTdcVDgupjbYG6hBa9ynZdyvvmGxKW9
bQGtKdpKLLUMT5qNFOHGorxUQH9271KiQOXQ2Ez0RMj9TXj40KJfzw8AZIGtcvdo
+OSO/zpQIiw+I8zTh6ndqSJk86q/NU6H/gXIi7/0o7ufsUqJuLpFqfBUlvvkz/ED
uyCKrhcmRAw/3UJUgbiwmGEP+W3Qnchb1WNmRSsTUXWBXZBDn5vWXUYPQaCx66jR
sTeRwfbdnMEhzvgPxFPOY147pMcTKOnOq63A+jSiCZ6+E1iLuO8w/Z4GhHCkZHkU
MdC3gR0Z2pjQA8uUSSg+cBO64ztlkzW/7vLDRD5t41Yj6ZzJMz4pa7zaNp3Ohhod
xlvNclxZWzFOaP2tyiKGA4X+ul/1W65CJWNnTnE1zt3RyWWrJw0sfGRTbW4XZEQ8
5TpRSOpQUpkymkOpP0thFChkZ/1HpSahpakxv9kpMjBB/sJVbbDtjDvNonkHqe8N
ruIS30gVhGKRBvlEo8isWFLZwikSS6jPsxPQKV38gOUmJhw0IeIB7OExkg9HeZhb
TddqwXLnjeg4EpuDKfNmyyDsbrakoaE5sRg2t8FNBXOSEDWqD/59/pGoRMV0yUV9
rOosgVEYREXynPHF1I7U
=6KbZ
-----END PGP SIGNATURE-----




Bug archived. Request was from Debbugs Internal Request <owner@bugs.debian.org> to internal_control@bugs.debian.org. (Fri, 03 Jan 2014 07:31:44 GMT) Full text and rfc822 format available.

Send a report that this bug log contains spam.


Debian bug tracking system administrator <owner@bugs.debian.org>. Last modified: Fri Apr 18 06:44:56 2014; Machine Name: buxtehude.debian.org

Debian Bug tracking system
Copyright (C) 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson.