[jruby] 01/01: Update changelog
Markus Koschany
apo at moszumanska.debian.org
Sun Apr 29 22:43:32 BST 2018
This is an automated email from the git hooks/post-receive script.
apo pushed a commit to branch jessie
in repository jruby.
commit 1880d2182db2912a00cedd38a410bf8c87433b5d
Author: Markus Koschany <apo at debian.org>
Date: Sun Apr 29 23:43:05 2018 +0200
Update changelog
---
debian/changelog | 16 ++++++++++++++++
1 file changed, 16 insertions(+)
diff --git a/debian/changelog b/debian/changelog
index 92d2df7..c920731 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,19 @@
+jruby (1.5.6-9+deb8u1) jessie-security; urgency=high
+
+ * Team upload.
+ * Fix CVE-2018-1000074: possible Unsafe Object Deserialization Vulnerability
+ in gem owner.
+ * Fix CVE-2018-1000075: Strictly interpret octal fields in tar headers to
+ avoid infinite loop
+ * Fix CVE-2018-1000076: Raise a security error when there are duplicate
+ files in a package
+ * Fix CVE-2018-1000077: Enforce URL validation on spec homepage attribute.
+ * Fix CVE-2018-1000078: Mitigate XSS vulnerability in homepage attribute
+ when displayed via gem server.
+ (Closes: #895778)
+
+ -- Markus Koschany <apo at debian.org> Sun, 29 Apr 2018 19:55:49 +0200
+
jruby (1.5.6-9) unstable; urgency=medium
* Team upload.
--
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/pkg-java/jruby.git
More information about the pkg-java-commits
mailing list