[jruby] 01/01: Update changelog

Markus Koschany apo at moszumanska.debian.org
Sun Apr 29 22:43:32 BST 2018


This is an automated email from the git hooks/post-receive script.

apo pushed a commit to branch jessie
in repository jruby.

commit 1880d2182db2912a00cedd38a410bf8c87433b5d
Author: Markus Koschany <apo at debian.org>
Date:   Sun Apr 29 23:43:05 2018 +0200

    Update changelog
---
 debian/changelog | 16 ++++++++++++++++
 1 file changed, 16 insertions(+)

diff --git a/debian/changelog b/debian/changelog
index 92d2df7..c920731 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,19 @@
+jruby (1.5.6-9+deb8u1) jessie-security; urgency=high
+
+  * Team upload.
+  * Fix CVE-2018-1000074: possible Unsafe Object Deserialization Vulnerability
+    in gem owner.
+  * Fix CVE-2018-1000075: Strictly interpret octal fields in tar headers to
+    avoid infinite loop
+  * Fix CVE-2018-1000076: Raise a security error when there are duplicate
+    files in a package
+  * Fix CVE-2018-1000077: Enforce URL validation on spec homepage attribute.
+  * Fix CVE-2018-1000078: Mitigate XSS vulnerability in homepage attribute
+    when displayed via gem server.
+    (Closes: #895778)
+
+ -- Markus Koschany <apo at debian.org>  Sun, 29 Apr 2018 19:55:49 +0200
+
 jruby (1.5.6-9) unstable; urgency=medium
 
   * Team upload.

-- 
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/pkg-java/jruby.git



More information about the pkg-java-commits mailing list