
Accepted ruby2.1 2.1.5-2+deb8u4 (source amd64 all) into oldstable



-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Fri, 13 Jul 2018 15:55:10 +0200
Source: ruby2.1
Binary: ruby2.1 libruby2.1 ruby2.1-dev ruby2.1-doc ruby2.1-tcltk
Architecture: source amd64 all
Version: 2.1.5-2+deb8u4
Distribution: jessie-security
Urgency: medium
Maintainer: Antonio Terceiro <terceiro@debian.org>
Changed-By: Santiago Ruano Rincón <santiagorr@riseup.net>
Description:
 libruby2.1 - Libraries necessary to run Ruby 2.1
 ruby2.1    - Interpreter of object-oriented scripting language Ruby
 ruby2.1-dev - Header files for compiling extension modules for the Ruby 2.1
 ruby2.1-doc - Documentation for Ruby 2.1
 ruby2.1-tcltk - Ruby/Tk for Ruby 2.1
Closes: 851161
Changes:
 ruby2.1 (2.1.5-2+deb8u4) jessie-security; urgency=medium
 .
   * Non-maintainer upload by the LTS Team.
   * Fix multiple security issues:
   * CVE-2015-9096: SMTP command injection via CRLF sequences
   * CVE-2016-2339: Exploitable heap overflow in Fiddle::Function.new
     (Closes: #851161)
   * CVE-2016-7798: Fix IV Reuse in GCM Mode.
     Patch by Kazuki Yamaguchi <k@rhe.jp>
   * CVE-2017-0898: Buffer underrun vulnerability in Kernel.sprintf
   * CVE-2017-10784: lib/webrick/log.rb: sanitize any type of logs
   * CVE-2017-14033: asn1: fix out-of-bounds read in decoding
     constructed objects
   * CVE-2017-14064: Heap exposure vulnerability in generating JSON
   * CVE-2017-0903: Whitelist classes and symbols that are in Gem spec
     YAML
   * Fix multiple vulnerabilities in rubygems:
     - a DNS request hijacking vulnerability. (CVE-2017-0902)
     - an ANSI escape sequence vulnerability. (CVE-2017-0899)
     - a DoS vulnerability in the query command. (CVE-2017-0900)
     - a vulnerability in the gem installer that allowed a malicious gem to
       overwrite arbitrary files. (CVE-2017-0901)
   * CVE-2017-17405: Command injection in Net::FTP
   * CVE-2017-17790: Command injection in Hosts:new() by use of
     Kernel#open
   * CVE-2018-1000075: Strictly interpret octal fields in tar headers to
     avoid infinite loop
   * CVE-2018-1000076: Raise a security error when there are duplicate
     files in a package
   * CVE-2018-1000077: Enforce URL validation on spec homepage attribute.
   * CVE-2018-1000078: Mitigate XSS vulnerability in homepage attribute
     when displayed via gem server.
   * CVE-2018-1000079: Directory Traversal vulnerability in gem
     installation that can result in the gem writing to arbitrary
     filesystem locations.
   * CVE-2018-8778: Buffer under-read in String#unpack
   * CVE-2018-8780: Unintentional directory traversal by poisoned NUL byte
     in Dir
   * CVE-2018-6914: Unintentional file and directory creation with
     directory traversal in tempfile and tmpdir
   * CVE-2018-8779: Unintentional socket creation by poisoned NUL byte in
     UNIXServer and UNIXSocket
   * CVE-2018-8777: DoS by large request in WEBrick
   * CVE-2017-17742: HTTP response splitting in WEBrick

-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----