Back to ruby-nokogiri PTS page

Accepted ruby-nokogiri 1.6.8.1-1+deb9u1 (source) into oldstable

To: dispatch@tracker.debian.org, debian-lts-changes@lists.debian.org
Subject: Accepted ruby-nokogiri 1.6.8.1-1+deb9u1 (source) into oldstable
From: Debian FTP Masters <ftpmaster@ftp-master.debian.org>
Date: Sun, 06 Jun 2021 18:00:13 +0000
Mail-followup-to: debian-lts@lists.debian.org
Message-id: <E1lpx4H-0007Ma-67@seger.debian.org>
Reply-to: debian-lts@lists.debian.org

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Sun, 06 Jun 2021 15:38:07 +0200
Source: ruby-nokogiri
Binary: ruby-nokogiri
Architecture: source
Version: 1.6.8.1-1+deb9u1
Distribution: stretch-security
Urgency: high
Maintainer: Debian Ruby Extras Maintainers <pkg-ruby-extras-maintainers@lists.alioth.debian.org>
Changed-By: Markus Koschany <apo@debian.org>
Description:
 ruby-nokogiri - HTML, XML, SAX, and Reader parser for Ruby
Changes:
 ruby-nokogiri (1.6.8.1-1+deb9u1) stretch-security; urgency=high
 .
   * Non-maintainer upload by the LTS team.
   * Fix CVE-2020-26247:
     Nokogiri is a Rubygem providing HTML, XML, SAX, and Reader parsers with
     XPath and CSS selector support. An XXE vulnerability was found in
     Nokogiri. XML Schemas parsed by Nokogiri::XML::Schema were trusted by
     default, allowing external resources to be accessed over the network,
     potentially enabling XXE or SSRF attacks. The new default behavior is to
     treat all input as untrusted. See also
     https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-vr8q-g5c7-m54m
     for more information how to mitigate the problem or to restore the old
     behavior again.
Checksums-Sha1:
 1d6a1884badd774eaef4b8591f41bbeb3066bc7e 2432 ruby-nokogiri_1.6.8.1-1+deb9u1.dsc
 3b217ef19d26c88424428a9dfd11bb7f051bd610 415104 ruby-nokogiri_1.6.8.1.orig.tar.gz
 0d4e36bf9c9ad0d5ad3d6dcd84b21928e212e656 9872 ruby-nokogiri_1.6.8.1-1+deb9u1.debian.tar.xz
 99096d8b6c72d830a04e90b61ecdd8cb91a2d101 7787 ruby-nokogiri_1.6.8.1-1+deb9u1_amd64.buildinfo
Checksums-Sha256:
 0dd528cb7cef0ce37557201015a7ab165e4328f0249e998cfedd98793578b67f 2432 ruby-nokogiri_1.6.8.1-1+deb9u1.dsc
 4ae97d9af051b80b6a526d55be2a71c1f18e3b8967a9e59c3b6b8a1d475f5889 415104 ruby-nokogiri_1.6.8.1.orig.tar.gz
 ed558ee30ca6dd8867d5ecbbbcd32be4429f2c38c3dfd524464b8dfabb1eb9d4 9872 ruby-nokogiri_1.6.8.1-1+deb9u1.debian.tar.xz
 31d59668a7af177b3ed70d876353be1327679087899b17bbf26a72f11c05c10e 7787 ruby-nokogiri_1.6.8.1-1+deb9u1_amd64.buildinfo
Files:
 36d1f528716467de390e173e376fde3c 2432 ruby optional ruby-nokogiri_1.6.8.1-1+deb9u1.dsc
 babd4c2d8c0a9081e59da9898e91c559 415104 ruby optional ruby-nokogiri_1.6.8.1.orig.tar.gz
 88d31d1fd12c6f66b9907e0f9d69e6b3 9872 ruby optional ruby-nokogiri_1.6.8.1-1+deb9u1.debian.tar.xz
 06c8dc85d443f7a3151a9376202c78eb 7787 ruby optional ruby-nokogiri_1.6.8.1-1+deb9u1_amd64.buildinfo

-----BEGIN PGP SIGNATURE-----

iQKjBAEBCgCNFiEErPPQiO8y7e9qGoNf2a0UuVE7UeQFAmC9CKRfFIAAAAAALgAo
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEFD
RjNEMDg4RUYzMkVERUY2QTFBODM1RkQ5QUQxNEI5NTEzQjUxRTQPHGFwb0BkZWJp
YW4ub3JnAAoJENmtFLlRO1HkpEMP+QEmkMGiJOuNslzFSQVU5CsujyKIDoRUcAUK
c3fLBtYwY4PLhPq3H5nwIpJknG/0icgHvOX7c7ple6x+pEwguyRsgScgGFeKZrGK
5G+crJ7yUBHvqH246q89TEm+TxLhxJB/D4MbPpNOxfPbENuk5yeFMdl7ZXsl83fe
FE7ZXHVplUpAc65ZVi4vEcWfOrPIpe4CVINMN238mgOOX3H3IBw4TMPZNXf6bxLn
LhZAXcKADa4t14pbDoOsaUs2HIYzVKZedP/uwOZ66VarUf6itZJSuvnSqXBWc7dN
rBNV+otuIFuxGMaeukDPpTU7jcKtyevQK/i3ImjrVxdRt8pLrNdY3GWLARxz81lH
a0AdReF/GvU5cGJQ40GOkx5iBXtkz1JB7QbuGjlXOmrw86wjrYLRNpK9DU1KG+Kf
fdqIyMe/6ztd8fbu7aejG186QdHs4pQsQX9s/gH90YenHLygoahvaNtHO1gVOe18
YzOYjKVfPoZOXhpZYKd+vqRcvUYVF4URHGX62asYEqV9kqdim+C6JSTt7sQ+Xc6Y
0TqVro2EZ8l0OXvVox+tL6eiDcM7s2LVb0Cag5+p5tAWygfM73LT0bsLvF+/+5z8
LMRmMzErwOFF9q2025ZdpUnN7pOLGBiJofn2RlOCrP6FvmAlSpSj0RTK0/kWdxKo
Z7ZbYNRe
=pnRW
-----END PGP SIGNATURE-----