[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Bug#905061: marked as done (stretch-pu: package mruby/1.2.0+20161228+git30d5424a-1+deb9u1)



Your message dated Tue, 20 Aug 2019 23:29:27 +0100
with message-id <098ffdfec287b4849a660b71c3855ef01a23a357.camel@adam-barratt.org.uk>
and subject line Re: Bug#905061: stretch-pu: package mruby/1.2.0+20161228+git30d5424a-1+deb9u1
has caused the Debian Bug report #905061,
regarding stretch-pu: package mruby/1.2.0+20161228+git30d5424a-1+deb9u1
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact owner@bugs.debian.org
immediately.)


-- 
905061: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=905061
Debian Bug Tracking System
Contact owner@bugs.debian.org with problems
--- Begin Message ---
Package: release.debian.org
Severity: normal
Tags: stretch
User: release.debian.org@packages.debian.org
Usertags: pu

Dear stable release manager,

I hereby propose an update for stretch of mruby. It contains a patch
fixing CVE-2017-9527 [1]. The security issue was marked as being
no-DSA [2].

The changelog entry is:

  mruby (1.2.0+20161228+git30d5424a-1+deb9u1) stretch; urgency=high

    * Backport patches from 1.3.0. (Closes: #865778)
      - CVE-2017-9527: heap-based use-after-free

   -- Nobuhiro Iwamatsu <iwamatsu@debian.org>  Tue, 14 Nov 2017 12:40:35 +0900

Please see the attached debdiff for details.

Best regards,
  Nobuhiro

[1] https://bugs.debian.org/865778
[2] https://security-tracker.debian.org/tracker/CVE-2017-9527

-- 
Nobuhiro Iwamatsu
   iwamatsu at {nigauri.org / debian.org}
   GPG ID: 40AD1FA6

Attachment: mruby_1.2.0+20161228+git30d5424a-1+deb9u1.debdiff
Description: Binary data


--- End Message ---
--- Begin Message ---
On Thu, 2018-11-01 at 20:37 +0000, Adam D. Barratt wrote:
> On Tue, 2018-07-31 at 11:56 +0200, Moritz Mühlenhoff wrote:
> > On Tue, Jul 31, 2018 at 11:29:16AM +0900, Nobuhiro Iwamatsu wrote:
> [...]
> > > I hereby propose an update for stretch of mruby.
> > 
> > There's a few more no-dsa issues for mruby, if you're doing an
> > update
> > anyway, could you also check whether they make sense to be fixed in
> > stretch?
> > 
> > See here:
> > https://security-tracker.debian.org/tracker/CVE-2018-10191
> > https://security-tracker.debian.org/tracker/CVE-2018-14337
> > https://security-tracker.debian.org/tracker/CVE-2018-12249
> > https://security-tracker.debian.org/tracker/CVE-2018-12248
> > https://security-tracker.debian.org/tracker/CVE-2018-11743
> 
> Ping?

There's been no response in over a year, so I'm closing this request.

Regards,

Adam

--- End Message ---

Reply to: