Accepted jruby 1.7.26-1+deb9u2 (source) into oldstable
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Sat, 15 Aug 2020 18:30:43 +0300
Source: jruby
Binary: jruby
Architecture: source
Version: 1.7.26-1+deb9u2
Distribution: stretch-security
Urgency: medium
Maintainer: Debian Java Maintainers <pkg-java-maintainers@lists.alioth.debian.org>
Changed-By: Adrian Bunk <bunk@debian.org>
Description:
jruby - 100% pure-Java implementation of Ruby
Changes:
 jruby (1.7.26-1+deb9u2) stretch-security; urgency=medium
 .
   * Non-maintainer upload by the LTS team.
   * CVE-2017-17742, CVE-2019-16254: HTTP Response Splitting attacks
     in the HTTP server of WEBrick.
   * CVE-2019-16201: Regular Expression Denial of Service vulnerability
     of WEBrick's Digest access authentication.
   * CVE-2019-8320: Delete directory using symlink when decompressing tar.
   * CVE-2019-8321: Escape sequence injection vulnerability in verbose.
   * CVE-2019-8322: Escape sequence injection vulnerability in gem owner.
   * CVE-2019-8323: Escape sequence injection vulnerability in API
     response handling.
   * CVE-2019-8324: Installing a malicious gem may lead to arbitrary
     code execution.
   * CVE-2019-8325: Escape sequence injection vulnerability in errors.
   * CVE-2019-16255: Code injection vulnerability of Shell#[]
     and Shell#test.
Checksums-Sha1:
bd06b15e0776654c0703f0c3cd23a98d86baec82 3061 jruby_1.7.26-1+deb9u2.dsc
e1a304da12f6cc5db9d2a9a6f6f885c82b568bed 10228992 jruby_1.7.26.orig.tar.gz
68695dd087ad699a133e0267bdf88dec929f6f0c 96384 jruby_1.7.26-1+deb9u2.debian.tar.xz
Checksums-Sha256:
c9daffa52600d0c85dda0d3286441a1bb89d62b9420d82cfb7dc1b7018075fad 3061 jruby_1.7.26-1+deb9u2.dsc
37bfdbf6bbf1fba7d1976d381517e86506790bd8f4a43a870c1e76de29b082ad 10228992 jruby_1.7.26.orig.tar.gz
7c4fbfcca864981726b5f98fb53bfeb56422537f9229be357cfb824c54f9cba9 96384 jruby_1.7.26-1+deb9u2.debian.tar.xz
Files:
9618c369b4f4868ef001757ce7302479 3061 ruby optional jruby_1.7.26-1+deb9u2.dsc
c8d965f03ebb9b97e168bc40d81a9b91 10228992 ruby optional jruby_1.7.26.orig.tar.gz
fe2602a99df954be0bfc475ea1ad71d4 96384 ruby optional jruby_1.7.26-1+deb9u2.debian.tar.xz
-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----