Accepted jruby 9.1.17.0-3+deb10u1 (source) into oldstable
- To: debian-lts-changes@lists.debian.org, dispatch@tracker.debian.org
- Subject: Accepted jruby 9.1.17.0-3+deb10u1 (source) into oldstable
- From: Debian FTP Masters <ftpmaster@ftp-master.debian.org>
- Date: Sun, 30 Apr 2023 19:50:23 +0000
- Debian: DAK
- Debian-architecture: source
- Debian-archive-action: accept
- Debian-changes: jruby_9.1.17.0-3+deb10u1_source.changes
- Debian-source: jruby
- Debian-suite: oldstable
- Debian-version: 9.1.17.0-3+deb10u1
- Dkim-signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=ftp-master.debian.org; s=smtpauto.seger; h=Date:Message-Id: Content-Transfer-Encoding:Content-Type:Subject:MIME-Version:To:Reply-To:From: Cc:Content-ID:Content-Description:In-Reply-To:References; bh=Qu21qEmitXvf3hj67zY56h5Y0Bj7WyFwevM97j6APBE=; b=Hmxl2PeU/cSMAkpHKDqB+zEz8z aBJOKTPwcvqK0Ecfr+d+1cr3Fl/0ipGCFx1vF//OyAhKHJpN6lKRtyLWXQKpUtK0i8D/1Bi8Tg/XL cE0ERf0gjWjcUlhmFIeTYD/gbIAnsmPSQWRV51KKqcLaxvmLl5jOQl7ceoY9RrWdPFusYkTlgDGLT oq6Yh8hwNvGZYpUgvcGp/R6lQ2fOstCPs5Ei7UqwBVd3QrUo/1DGXEybkMB6nTqRKddUu/HjS7shR bYb65mVX2meNOdUVzlcgD9Hvy9Wxo+UCWe3lacefoZstfj8CVEZfKXz3heQAPXneuXeeyzz6viA+O YN6mOWrA==;
- Mail-followup-to: debian-lts@lists.debian.org
- Message-id: <E1ptD3v-003OIZ-52@seger.debian.org>
- Reply-to: debian-lts@lists.debian.org
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Sun, 30 Apr 2023 20:10:09 +0300
Source: jruby
Architecture: source
Version: 9.1.17.0-3+deb10u1
Distribution: buster-security
Urgency: medium
Maintainer: Debian Java Maintainers <pkg-java-maintainers@lists.alioth.debian.org>
Changed-By: Adrian Bunk <bunk@debian.org>
Changes:
jruby (9.1.17.0-3+deb10u1) buster-security; urgency=medium
.
* Non-maintainer upload by the LTS Security Team.
* CVE-2017-17742, CVE-2019-16254: HTTP Response Splitting attacks
in the HTTP server of WEBrick.
* CVE-2019-16201: Regular Expression Denial of Service vulnerability
of WEBrick's Digest access authentication.
* CVE-2019-16255: Code injection vulnerability of Shell#[]
and Shell#test.
* CVE-2020-25613: HTTP Request Smuggling attack in WEBrick.
* CVE-2021-31810: Trusting FTP PASV responses vulnerability in Net::FTP.
* CVE-2021-32066: Net::IMAP did not raise an exception when StartTLS
fails with an an unknown response.
* CVE-2023-28755: Quadratic backtracking on invalid URI.
* CVE-2023-28756: The Time parser mishandled invalid strings that have
specific characters.
Checksums-Sha1:
c6e6df97ee2e72def6a0b508b1be727d3254c144 3078 jruby_9.1.17.0-3+deb10u1.dsc
3b1c96fa63efdd22070742d8a8e17a3afe3bd42a 8574514 jruby_9.1.17.0.orig.tar.gz
a176266577b2115affa0534a3661aa2021730e60 87420 jruby_9.1.17.0-3+deb10u1.debian.tar.xz
Checksums-Sha256:
85841b126b38977165b2263fa063b80ef145f4a48c43818950a60a166890cb9b 3078 jruby_9.1.17.0-3+deb10u1.dsc
b66d7c14f85075afdabb5ebf5950804c5a5d5c1d05ab833f580f04ee709b5773 8574514 jruby_9.1.17.0.orig.tar.gz
87633c2fbec3afdfaa764eb9f9aa21c778dbcbd6100a03e0ecd01a1f6b6c6741 87420 jruby_9.1.17.0-3+deb10u1.debian.tar.xz
Files:
e74c86956e7afe718b6180c92b32e999 3078 ruby optional jruby_9.1.17.0-3+deb10u1.dsc
38fe13908af7fe67d32f0c62f4d42746 8574514 ruby optional jruby_9.1.17.0.orig.tar.gz
e45613a4a5cb0779782ab10235919610 87420 ruby optional jruby_9.1.17.0-3+deb10u1.debian.tar.xz
-----BEGIN PGP SIGNATURE-----
iQIyBAEBCgAdFiEEOvp1f6xuoR0v9F3wiNJCh6LYmLEFAmROwZsACgkQiNJCh6LY
mLHP5w/2MqUR46UIXs/VPQvkVoKeH7bYgdSc8uFzIxidSjm7XynLRShq4uFX38Wr
N1DZeBcVbCM9XiTIYTCZdfgKO9dk3VrN5h6Z9J8n2o8AHr1Bou487pcrAQSSA8oU
d8PNPpUmN/wbCQoMFvKQ/XOPxhP2pXn2h9HSXSIYjoTgfMLEtyEniHMhp+804cSH
pDbNeWGTZoAZmCaUMGVfTRfF9Ktrb9aibHo9n00uQQuRzfkF4Y69jsRJHrJlqwRm
eUFU/ro9qp6t7kuSZPyUh7FWNIpQOMoFF97MNgvOi8aW7966beeN1F15C1oskjmT
6MMNJEvXXkUXYm1N8cbWQsst2i49kI7AnVkGrnApdq0dLRagKIsfhR2glvMe8uQr
3/0/wr6iK9e4XwZCp9KCJKhJw5H03SOtQ2JZZwLp4SPMN4jECPPWjeUfm2yZl45X
FBo3+whsW15KxIN2T4sidZ7S68Z80YOtmbsQ9Wx1RusylKDSlDUAnebYWUaWHATc
Cr/BkYEjKvYeaXB84vluZuvHel2KqeeRB9C20tE7/ZHJG5x8/CqpYWXc4HqLLcH6
tnpBT2RQB13C9f82BVXwtLHh7g5f+x8M2RMIhWl9gdcR7SttvBfyej/+XZiN9AJi
/62XCL7MS62Gz+8VKQ/BmVHDmfyHmT89O/4DvYYLM/VqgktMZQ==
=gHod
-----END PGP SIGNATURE-----