jruby_1.7.26-1+deb9u1_amd64.changes ACCEPTED into proposed-updates->stable-new, proposed-updates

Debian FTP Masters ftpmaster at ftp-master.debian.org
Tue Jun 12 23:03:57 BST 2018



Accepted:

Format: 1.8
Date: Sun, 29 Apr 2018 22:24:33 +0200
Source: jruby
Binary: jruby
Architecture: source all
Version: 1.7.26-1+deb9u1
Distribution: stretch-security
Urgency: high
Maintainer: Debian Java Maintainers <pkg-java-maintainers at lists.alioth.debian.org>
Changed-By: Markus Koschany <apo at debian.org>
Description:
 jruby      - 100% pure-Java implementation of Ruby
Closes: 895778
Changes:
 jruby (1.7.26-1+deb9u1) stretch-security; urgency=high
 .
   * Team upload.
   * Fix CVE-2018-1000073: Directory Traversal vulnerability in install_location
     function of package.rb that can result in path traversal when writing to a
     symlinked basedir outside of the root.
   * Fix CVE-2018-1000074: possible Unsafe Object Deserialization Vulnerability
     in gem owner.
   * Fix CVE-2018-1000075: Strictly interpret octal fields in tar headers to
     avoid infinite loop
   * Fix CVE-2018-1000076: Raise a security error when there are duplicate
     files in a package
   * Fix CVE-2018-1000077: Enforce URL validation on spec homepage attribute.
   * Fix CVE-2018-1000078: Mitigate XSS vulnerability in homepage attribute
     when displayed via gem server.
   * Fix CVE-2018-1000079: Directory Traversal vulnerability in gem installation
     that can result in writing to arbitrary filesystem locations during
     installation of malicious gems.
     (Closes: #895778)



Thank you for your contribution to Debian.


