Accepted rexical 1.0.5-2+deb10u1 (source) into oldstable
- To: debian-lts-changes@lists.debian.org, dispatch@tracker.debian.org
- Subject: Accepted rexical 1.0.5-2+deb10u1 (source) into oldstable
- From: Debian FTP Masters <ftpmaster@ftp-master.debian.org>
- Date: Wed, 12 Oct 2022 13:50:23 +0000
- Debian: DAK
- Debian-architecture: source
- Debian-archive-action: accept
- Debian-changes: rexical_1.0.5-2+deb10u1_source.changes
- Debian-source: rexical
- Debian-suite: oldstable
- Debian-version: 1.0.5-2+deb10u1
- Mail-followup-to: debian-lts@lists.debian.org
- Message-id: <E1oic7r-00CfD9-Q3@seger.debian.org>
- Reply-to: debian-lts@lists.debian.org
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Wed, 12 Oct 2022 15:00:36 +0200
Source: rexical
Architecture: source
Version: 1.0.5-2+deb10u1
Distribution: buster-security
Urgency: high
Maintainer: Debian Ruby Extras Maintainers <pkg-ruby-extras-maintainers@lists.alioth.debian.org>
Changed-By: Sylvain Beucler <beuc@debian.org>
Closes: 940905
Changes:
rexical (1.0.5-2+deb10u1) buster-security; urgency=high
.
* Non-maintainer upload by the LTS Security Team.
* CVE-2019-5477: command injection vulnerability allows commands to be
executed in a subprocess via Ruby's `Kernel.open` method. Processes
are vulnerable only if the undocumented method
`Nokogiri::CSS::Tokenizer#load_file` is being called with unsafe user
input as the filename. This vulnerability appears in code generated by
the Rexical gem. (Closes: #940905)
Checksums-Sha1:
c2ca9ff25a45ca7ae2b8bcfb033a5abb7f2debd2 2053 rexical_1.0.5-2+deb10u1.dsc
2e87d248970dcc239a12e457adfaebf655e3c9c4 17142 rexical_1.0.5.orig.tar.gz
87f173c4d3e9d1972fd623a8d3ae326f2e1a16c3 5880 rexical_1.0.5-2+deb10u1.debian.tar.xz
bed9d79110dfa8c834ded71969ac458db930ee54 8817 rexical_1.0.5-2+deb10u1_all.buildinfo
Checksums-Sha256:
c8c57af0a1d556ec48bd0fcd30a8bb20ca907650a028c865084da51ddf8f4744 2053 rexical_1.0.5-2+deb10u1.dsc
0a0b479a6aa4f7ed0f066b89cd81c028d597a3c6841c7b5a7f7df21cc227e3e8 17142 rexical_1.0.5.orig.tar.gz
560ad847246a0bfde4926aabaa651e352e76c80591256efb399f526ff8c63d1b 5880 rexical_1.0.5-2+deb10u1.debian.tar.xz
aba1701afc32881d6dc1326636523bc55a95cdf655c4d29b9f546ecc08c20d16 8817 rexical_1.0.5-2+deb10u1_all.buildinfo
Files:
8acc10f24a53123132655ab029c8db5a 2053 ruby optional rexical_1.0.5-2+deb10u1.dsc
54bc7d3d96f63796533176def4d7124c 17142 ruby optional rexical_1.0.5.orig.tar.gz
cee0b436e1b7f4ca79e492233a25f394 5880 ruby optional rexical_1.0.5-2+deb10u1.debian.tar.xz
fe6937f32f42cc5072621c05ef963fcf 8817 ruby optional rexical_1.0.5-2+deb10u1_all.buildinfo
-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----