Debian Bug report logs - #796551
CVE-2015-7551

Package: ruby2.2; Maintainer for ruby2.2 is (unknown);

Reported by: Moritz Muehlenhoff <jmm@debian.org>

Date: Fri, 21 Aug 2015 12:36:01 UTC

Severity: important

Tags: security

Found in versions ruby2.2/2.2.1-1, ruby2.2/2.2.3-1

Fixed in version ruby2.2/2.2.4-1

Done: Christian Hofstaedtler <zeha@debian.org>

Bug is archived. No further changes may be made.

Report forwarded to debian-bugs-dist@lists.debian.org, team@security.debian.org, secure-testing-team@lists.alioth.debian.org, Antonio Terceiro <terceiro@debian.org>:
Bug#796344; Package ruby2.1. (Fri, 21 Aug 2015 12:36:05 GMT)


Acknowledgement sent to Moritz Muehlenhoff <jmm@debian.org>:
New Bug report received and forwarded. Copy sent to team@security.debian.org, secure-testing-team@lists.alioth.debian.org, Antonio Terceiro <terceiro@debian.org>. (Fri, 21 Aug 2015 12:36:05 GMT)


Message #5 received at submit@bugs.debian.org:

From: Moritz Muehlenhoff <jmm@debian.org>
To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: CVE-2009-5147
Date: Fri, 21 Aug 2015 14:34:19 +0200
Package: ruby2.1
Version: 2.1.5-4
Severity: important
Tags: security

This has been assigned CVE-2009-5147:
http://seclists.org/oss-sec/2015/q3/222

Cheers,
        Moritz



Bug 796344 cloned as bug 796551. Request was from Christian Hofstaedtler <zeha@debian.org> to control@bugs.debian.org. (Sat, 22 Aug 2015 13:21:08 GMT)


Bug reassigned from package 'ruby2.1' to 'ruby2.2'. Request was from Christian Hofstaedtler <zeha@debian.org> to control@bugs.debian.org. (Sat, 22 Aug 2015 13:21:09 GMT)


No longer marked as found in versions ruby2.1/2.1.5-4. Request was from Christian Hofstaedtler <zeha@debian.org> to control@bugs.debian.org. (Sat, 22 Aug 2015 13:21:09 GMT)


Marked as found in versions ruby2.2/2.2.1-1. Request was from Christian Hofstaedtler <zeha@debian.org> to control@bugs.debian.org. (Sat, 22 Aug 2015 13:21:10 GMT)


Marked as found in versions ruby2.2/2.2.3-1. Request was from Christian Hofstaedtler <zeha@debian.org> to control@bugs.debian.org. (Sat, 22 Aug 2015 13:21:11 GMT)


Information forwarded to debian-bugs-dist@lists.debian.org, Antonio Terceiro <terceiro@debian.org>:
Bug#796551; Package ruby2.2. (Wed, 16 Dec 2015 23:09:11 GMT)


Acknowledgement sent to Christian Hofstaedtler <zeha@debian.org>:
Extra info received and forwarded to list. Copy sent to Antonio Terceiro <terceiro@debian.org>. (Wed, 16 Dec 2015 23:09:11 GMT)


Message #20 received at 796551@bugs.debian.org:

From: Christian Hofstaedtler <zeha@debian.org>
To: 796551@bugs.debian.org
Subject: Re: CVE-2009-5147
Date: Thu, 17 Dec 2015 00:07:26 +0100
Control: retitle -1 CVE-2015-7551

https://www.ruby-lang.org/en/news/2015/12/16/unsafe-tainted-string-usage-in-fiddle-and-dl-cve-2015-7551/

I don't think we want to fix this in the 2.2 branch, when we're
going to replace 2.2 with 2.3 ...

-- 
 ,''`.  Christian Hofstaedtler <zeha@debian.org>
: :' :  Debian Developer
`. `'   7D1A CFFA D9E0 806C 9C4C  D392 5C13 D6DB 9305 2E03
  `-


Changed Bug title to 'CVE-2015-7551' from 'CVE-2009-5147'. Request was from Christian Hofstaedtler <zeha@debian.org> to 796551-submit@bugs.debian.org. (Wed, 16 Dec 2015 23:09:12 GMT)


Reply sent to Christian Hofstaedtler <zeha@debian.org>:
You have taken responsibility. (Mon, 25 Jan 2016 15:57:10 GMT)


Notification sent to Moritz Muehlenhoff <jmm@debian.org>:
Bug acknowledged by developer. (Mon, 25 Jan 2016 15:57:10 GMT)


Message #27 received at 796551-close@bugs.debian.org:

From: Christian Hofstaedtler <zeha@debian.org>
To: 796551-close@bugs.debian.org
Subject: Bug#796551: fixed in ruby2.2 2.2.4-1
Date: Mon, 25 Jan 2016 15:55:02 +0000
Source: ruby2.2
Source-Version: 2.2.4-1

We believe that the bug you reported is fixed in the latest version of
ruby2.2, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 796551@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Christian Hofstaedtler <zeha@debian.org> (supplier of updated ruby2.2 package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Format: 1.8
Date: Mon, 25 Jan 2016 14:48:02 +0000
Source: ruby2.2
Binary: ruby2.2 libruby2.2 libruby2.2-dbg ruby2.2-dev ruby2.2-doc ruby2.2-tcltk
Architecture: source
Version: 2.2.4-1
Distribution: unstable
Urgency: medium
Maintainer: Antonio Terceiro <terceiro@debian.org>
Changed-By: Christian Hofstaedtler <zeha@debian.org>
Description:
 libruby2.2 - Libraries necessary to run Ruby 2.2
 libruby2.2-dbg - Debugging symbols for libruby2.2
 ruby2.2    - Interpreter of object-oriented scripting language Ruby
 ruby2.2-dev - Header files for compiling extension modules for the Ruby 2.2
 ruby2.2-doc - Documentation for Ruby 2.2
 ruby2.2-tcltk - Ruby/Tk for Ruby 2.2
Closes: 796551
Changes:
 ruby2.2 (2.2.4-1) unstable; urgency=medium
 .
   * d/control: Update branch name for 2.2 series
   * New upstream release, fixing CVE-2015-7551 (Closes: #796551)
Checksums-Sha1:
 2776dcb30190fe5b7eb806fe4a21cf9facff9a18 2500 ruby2.2_2.2.4-1.dsc
 60fa8cd88d9648f433073b86aac26bb53760693c 8312312 ruby2.2_2.2.4.orig.tar.xz
 d4a4e189c9ad014d4b7fb42f3877e5c07911e36a 88964 ruby2.2_2.2.4-1.debian.tar.xz
Checksums-Sha256:
 10e88ae41949c78c959b60faaaecac02416da47786b6027af1ac9b863e0a7507 2500 ruby2.2_2.2.4-1.dsc
 b30b307f659348cf563339137c3560bf8f923dfa8536692af4f9a50f9348269f 8312312 ruby2.2_2.2.4.orig.tar.xz
 68d0efa085a6d408664e6aebaadc3260e70d63ae6989f560c6e7205042493369 88964 ruby2.2_2.2.4-1.debian.tar.xz
Files:
 5d20ac798ecb55e0276094b35a69c043 2500 ruby extra ruby2.2_2.2.4-1.dsc
 b2b079b3c90746dbd0ab2c8b9c654b19 8312312 ruby extra ruby2.2_2.2.4.orig.tar.xz
 5a21a57de3369dae9277b68232547597 88964 ruby extra ruby2.2_2.2.4-1.debian.tar.xz

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQIcBAEBCAAGBQJWpjh2AAoJEFwT1tuTBS4DRwsP/iyDe4wlRugAfR+V8vmrkW9M
qayNVTq48+v+aR99Iugk5G88/1zSaFxwZQCQPt/xuXomE7n0cH/KvAdY0EmD27rg
gxfPRcGp7W4EcUkDo9yp/4slhvaICIY50IvuTQRxYzK9sfY3yAUkEdXTo6SJkzcE
lEkkkwHDzB4znx2hyoDXOyM1mfdhsw4APizFUXoZEsIHqJY1rc05b3kl5hWZyEDk
l+bZ8yWeA7kxPMJooWoQoiiwDjmQdPOPvMFrpmS1py7HqS3Gj9okQII+xDbxS8Q7
ZmR38ferv7gA28OZo44UKVJCkPfZ+iMh9XWZfX5vNDzNVo7UziFYxa075MuG347w
CEYx0/uDFBTwSLBGjhcKax18w4Hv5lp3meRYQH1CQWZEjXYBjomH6GfhRQZ0haoI
qPiMwlPr0rSejIsH0Vk3Pm6m5eHZ2TK2mM5NlHd81sLNJLdgUc1xCaZHkUMzp6NH
g++MHWZ8A8ZHPwfQTX6MTJdBtKUAF69+mR29JGN541GPDnwgWole/U/3bSlEj/lE
rbUBmM4qq4gF5jbt1zibOrA0EHUFum0ZaLAPq65l5wfDNiZ2MKzieKJef1p7RBdS
kdiir+1WnGf4Yl+ioN8ZK+qVwwEWXbB1qtt0v4xEliT1OiUI8AXIbDfjidrPLI2J
kJKvtW9Piz9uyPKH5TnD
=VgFy
-----END PGP SIGNATURE-----

Bug archived. Request was from Debbugs Internal Request <owner@bugs.debian.org> to internal_control@bugs.debian.org. (Sun, 28 Feb 2016 07:40:48 GMT)
Debian bug tracking system administrator <owner@bugs.debian.org>. Last modified: Thu Feb 20 06:53:12 2025; Machine Name: bembo