Your message dated Tue, 20 Aug 2019 23:29:27 +0100 with message-id <098ffdfec287b4849a660b71c3855ef01a23a357.camel@adam-barratt.org.uk> and subject line Re: Bug#905061: stretch-pu: package mruby/1.2.0+20161228+git30d5424a-1+deb9u1 has caused the Debian Bug report #905061, regarding stretch-pu: package mruby/1.2.0+20161228+git30d5424a-1+deb9u1 to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact owner@bugs.debian.org immediately.) -- 905061: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=905061 Debian Bug Tracking System Contact owner@bugs.debian.org with problems
--- Begin Message ---
- To: Debian Bug Tracking System <submit@bugs.debian.org>
- Subject: stretch-pu: package mruby/1.2.0+20161228+git30d5424a-1+deb9u1
- From: Nobuhiro Iwamatsu <iwamatsu@nigauri.org>
- Date: Tue, 31 Jul 2018 11:29:16 +0900
- Message-id: <CABMQnVLV+_zuJDnW+ObGsfDnR7T1T-soGOJv9yGsmpPcf6MgQA@mail.gmail.com>
Package: release.debian.org Severity: normal Tags: stretch User: release.debian.org@packages.debian.org Usertags: pu Dear stable release manager, I hereby propose an update for stretch of mruby. It contains a patch fixing CVE-2017-9527 [1]. The security issue was marked as being no-DSA [2]. The changelog entry is: mruby (1.2.0+20161228+git30d5424a-1+deb9u1) stretch; urgency=high * Backport patches from 1.3.0. (Closes: #865778) - CVE-2017-9527: heap-based use-after-free -- Nobuhiro Iwamatsu <iwamatsu@debian.org> Tue, 14 Nov 2017 12:40:35 +0900 Please see the attached debdiff for details. Best regards, Nobuhiro [1] https://bugs.debian.org/865778 [2] https://security-tracker.debian.org/tracker/CVE-2017-9527 -- Nobuhiro Iwamatsu iwamatsu at {nigauri.org / debian.org} GPG ID: 40AD1FA6Attachment: mruby_1.2.0+20161228+git30d5424a-1+deb9u1.debdiff
Description: Binary data
--- End Message ---
--- Begin Message ---
- To: 905061-done@bugs.debian.org, Moritz Mühlenhoff <jmm@inutil.org>, Nobuhiro Iwamatsu <iwamatsu@nigauri.org>
- Subject: Re: Bug#905061: stretch-pu: package mruby/1.2.0+20161228+git30d5424a-1+deb9u1
- From: "Adam D. Barratt" <adam@adam-barratt.org.uk>
- Date: Tue, 20 Aug 2019 23:29:27 +0100
- Message-id: <098ffdfec287b4849a660b71c3855ef01a23a357.camel@adam-barratt.org.uk>
- In-reply-to: <1541104624.2224.27.camel@adam-barratt.org.uk>
- References: <CABMQnVLV+_zuJDnW+ObGsfDnR7T1T-soGOJv9yGsmpPcf6MgQA@mail.gmail.com> <CABMQnVLV+_zuJDnW+ObGsfDnR7T1T-soGOJv9yGsmpPcf6MgQA@mail.gmail.com> <20180731095628.GA11338@pisco.westfalen.local> <CABMQnVLV+_zuJDnW+ObGsfDnR7T1T-soGOJv9yGsmpPcf6MgQA@mail.gmail.com> <1541104624.2224.27.camel@adam-barratt.org.uk>
On Thu, 2018-11-01 at 20:37 +0000, Adam D. Barratt wrote: > On Tue, 2018-07-31 at 11:56 +0200, Moritz Mühlenhoff wrote: > > On Tue, Jul 31, 2018 at 11:29:16AM +0900, Nobuhiro Iwamatsu wrote: > [...] > > > I hereby propose an update for stretch of mruby. > > > > There's a few more no-dsa issues for mruby, if you're doing an > > update > > anyway, could you also check whether they make sense to be fixed in > > stretch? > > > > See here: > > https://security-tracker.debian.org/tracker/CVE-2018-10191 > > https://security-tracker.debian.org/tracker/CVE-2018-14337 > > https://security-tracker.debian.org/tracker/CVE-2018-12249 > > https://security-tracker.debian.org/tracker/CVE-2018-12248 > > https://security-tracker.debian.org/tracker/CVE-2018-11743 > > Ping? There's been no response in over a year, so I'm closing this request. Regards, Adam
--- End Message ---