Accepted jruby 1.5.6-9+deb8u2 (source all) into oldoldstable
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Mon, 09 Dec 2019 21:33:31 +0100
Source: jruby
Binary: jruby
Architecture: source all
Version: 1.5.6-9+deb8u2
Distribution: jessie-security
Urgency: high
Maintainer: Debian Java Maintainers <pkg-java-maintainers@lists.alioth.debian.org>
Changed-By: Markus Koschany <apo@debian.org>
Description:
jruby - 100% pure-Java implementation of Ruby
Changes:
jruby (1.5.6-9+deb8u2) jessie-security; urgency=high
.
* Non-maintainer upload by the LTS team.
* Fix CVE-2019-16201, CVE-2019-16254, CVE-2019-16255 and CVE-2017-17742.
Several security vulnerabilities were found in Ruby that also affected
Debian's JRuby package, a pure-Java implementation of Ruby. Attackers were
able to call arbitrary Ruby methods, cause a denial-of-service or inject
input into HTTP response headers when using the WEBrick module.
Checksums-Sha1:
57f8042f7515e23d0498bf22acd178f941609e67 2494 jruby_1.5.6-9+deb8u2.dsc
5acc12215e0d46b075e89fba1d810060a4203674 39092 jruby_1.5.6-9+deb8u2.debian.tar.xz
8937bf1b1d92e0736a2ef4797784aec27e2fb7b9 7829904 jruby_1.5.6-9+deb8u2_all.deb
Checksums-Sha256:
b68453839d5687d709708b539a0c0e93b2e5d2d41fb336f33c00a722c5b01f1b 2494 jruby_1.5.6-9+deb8u2.dsc
f59bf5705ddd67ae5dcf237febf6f8d7524d65863198fed7aad76b5a4f70f60f 39092 jruby_1.5.6-9+deb8u2.debian.tar.xz
ed29fbfe9f79431d571c9f29510006b364e892c2bb3f90624017a1dc57ed9b12 7829904 jruby_1.5.6-9+deb8u2_all.deb
Files:
83c22a6ec0eec64d303e1ab0d837d241 2494 ruby optional jruby_1.5.6-9+deb8u2.dsc
3957020d914ea2a96ddc4a43d4a79cbe 39092 ruby optional jruby_1.5.6-9+deb8u2.debian.tar.xz
b238a60ff32d5f8e161b63b8e2edf2ed 7829904 ruby optional jruby_1.5.6-9+deb8u2_all.deb
-----BEGIN PGP SIGNATURE-----
iQKjBAEBCgCNFiEErPPQiO8y7e9qGoNf2a0UuVE7UeQFAl3viIhfFIAAAAAALgAo
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEFD
RjNEMDg4RUYzMkVERUY2QTFBODM1RkQ5QUQxNEI5NTEzQjUxRTQPHGFwb0BkZWJp
YW4ub3JnAAoJENmtFLlRO1HkMFIP/2iuk7IF+PXW+l7eL7+ebBHL2W49QdGWcPsh
gwAf9IBvYBR0XyNm4+GwoD541bPF3P2rgQBkf+Ia6bja3AkjOcdWI21Z55LxRkze
uWaD+YqG+z5tMDH9gpfCHntegWpm7j3S7FXvVADTAUtKbg7wvVzhSEtvHmC0xqED
ryC89WYUoiASfg/DY+CImMes6SpRS1PCF3tC3WWKONS8fjBVw2ovT/7jPK+P9I0K
wC/r3WF03wA9LGkhaH175ZNMrIu1Rp6h55oTCpNYNcWPWnRY7YdmqlenzbdreSkn
zL941G81RmGJ0TmYrgeYd5FoiqdGziLtVZTFG3871rigxN0YdOJdwoU5c+0xeQiL
nN905SCrzeyrbnotOSkqCj7c6gqBGEu9K60kuokzVrCIur3HRzz9LreLqtMIwFzK
c2GDOgL0GtZvKVVHjv5QyBa+NYJ5Igiy28LkC5MF9TI9CH2Jk0EGrj5HstOTlARf
LGpJl3VM7hR1TWgpouF6ZQeWgIcmdFqn1hI5z46+E8T4A27BFmWanSIxkG+5msBc
Pd4mYedXtRxWegvLfC7bae5PqusNvKyR+qsdUxMPMtZe2+eA4pKdj2jGOjTjMPjX
76QTNjcXjoe1U3J7Lu2TfO+lOGtM1I8CjmN82w4HxZqG0rLQs70LVfR+k3nSPMOS
khHyMp7e
=OkFS
-----END PGP SIGNATURE-----