[DRE-maint] Accepted ruby2.5 2.5.1-1 (source) into unstable

Antonio Terceiro terceiro at debian.org
Sat Mar 31 16:34:59 UTC 2018


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Format: 1.8
Date: Sat, 31 Mar 2018 13:22:48 -0300
Source: ruby2.5
Binary: ruby2.5 libruby2.5 ruby2.5-dev ruby2.5-doc
Architecture: source
Version: 2.5.1-1
Distribution: unstable
Urgency: medium
Maintainer: Debian Ruby Team <pkg-ruby-extras-maintainers at lists.alioth.debian.org>
Changed-By: Antonio Terceiro <terceiro at debian.org>
Description:
 libruby2.5 - Libraries necessary to run Ruby 2.5
 ruby2.5    - Interpreter of object-oriented scripting language Ruby
 ruby2.5-dev - Header files for compiling extension modules for the Ruby 2.5
 ruby2.5-doc - Documentation for Ruby 2.5
Closes: 889848 892099
Changes:
 ruby2.5 (2.5.1-1) unstable; urgency=medium
 .
   * New upstream version 2.5.1.
 .
     According to the release announcement, includes fixes for the following
     security issues:
 .
     - CVE-2017-17742: HTTP response splitting in WEBrick
     - CVE-2018-6914: Unintentional file and directory creation with directory
       traversal in tempfile and tmpdir
     - CVE-2018-8777: DoS by large request in WEBrick
     - CVE-2018-8778: Buffer under-read in String#unpack
     - CVE-2018-8779: Unintentional socket creation by poisoned NUL byte in
       UNIXServer and UNIXSocket
     - CVE-2018-8780: Unintentional directory traversal by poisoned NUL byte in
       Dir
     - Multiple vulnerabilities in RubyGems
   * Refresh patches.
 .
     Patches dropped for being already applied upstream:
 .
     - 0005-Fix-tests-to-cope-with-updates-in-tzdata.patch
     - 0006-Rubygems-apply-upstream-patch-to-fix-multiple-vulner.patch
   * Add patch to fix FTBFS on ia64 (Closes: #889848)
   * Add simple autopkgtest to check for builtin extensions that are build
     against external dependencies (ssl, yaml, *dbm etc)
   * Add build-dependency on libgdbm-compat-dev (Closes: #892099)
   * debian/tests/excludes/any/TestTimeTZ.rb: ignore tests failing due to
     assumptions that don't hold on newer tzdata update. Upstream bug:
     https://bugs.ruby-lang.org/issues/14655
   * debian/libruby2.5.symbols: update with new symbol added in this release
Checksums-Sha1:
 ffab60462ff0106f896effb97b0c6fc5f6fd6d6b 2396 ruby2.5_2.5.1-1.dsc
 e95ff19092f2026b161e6e6d7759489d646e10aa 15669354 ruby2.5_2.5.1.orig.tar.gz
 bb278f38ac79739b01c7b73e18659b5c237475c6 101248 ruby2.5_2.5.1-1.debian.tar.xz
 e47b70daaaff8144f9efc0988dfb43081eeee5c7 6419 ruby2.5_2.5.1-1_source.buildinfo
Checksums-Sha256:
 7435915706d3ec3ee701e2e48186a3561e7b7d72f2534ea1db81f707f848d6a8 2396 ruby2.5_2.5.1-1.dsc
 d690140ba5b91b23d990dad9170fca8ef8e9e5ac8b62f1eb7a84ecf1edce2ed3 15669354 ruby2.5_2.5.1.orig.tar.gz
 b6a1bcae7ef73639d50819d39047cc4c2f491644f3399b5fb5cbbf793264fe45 101248 ruby2.5_2.5.1-1.debian.tar.xz
 4aa400cfb4a70229125e6b442eecb5531807c82bba6afcc0ef16c0cffd86cb34 6419 ruby2.5_2.5.1-1_source.buildinfo
Files:
 efa9d5f75ab65e7c7676035379a16128 2396 ruby optional ruby2.5_2.5.1-1.dsc
 2a2c44e4d1c573006c17d9d0ef82afe3 15669354 ruby optional ruby2.5_2.5.1.orig.tar.gz
 63021d08b85b26cdf3e09c85149d1023 101248 ruby optional ruby2.5_2.5.1-1.debian.tar.xz
 417dac07bcca2522f2ae9814c99ee09b 6419 ruby optional ruby2.5_2.5.1-1_source.buildinfo

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCAAdFiEEst7mYDbECCn80PEM/A2xu81GC94FAlq/thoACgkQ/A2xu81G
C97YWhAAqPXn/o4XFgcJa6Tlk5pT1yKiCuPYPx24mIALLypiaUfuHEFChIxOF9NI
TBf44lSHz/tzq/2yKux0SdQtCbgfUaN8eihVUdBhPE+k+RsXsIv3mNN1o33szv+N
tkuCZPfHaDHpH9E7Ibvma6NByMqhHZNOYvhmCNdP6aiM75jSbwP3gjR8Fo8/kSNA
3p2NL4qEInkyUqKfmmp1g0s41nvBxT6BiXoY4WKtZPbY7+TDNjT0IjK+zlnodLVH
cKYYPHRH0UoIuKh6+uF/HwvUtmQPJ98zOH9LSBl27mfEwKfS5ZvQqaKdSABYs+5S
nYsFQ6rNewqRJXaGiRRB80Xy3br402sZRSgl3SOaH/KVNBGt3E9UwKpXzpWBN7G4
w3D2237IMhSjFPyqePeTs++/j5IYetgz1vSL+T9njAtd9wZM7UE1GwHLXMEPxc+Y
tfbthz4d+pMTLaK0WK4TftPOT+0mKUD7qVVa2IyW7DWeQPrzg0cWExz7zw0lBFDN
pmHd5YKfGtNwXxZ2txK8+1KHiySvJOV0c0bFMs5y3y4iBINVgBiReXsGTe5U81D7
+uMxEASH9X4FiQ9QCqYLzJbB0llq6uzulJuKWCAyCZUT2ZfOwZhbtt0OshFGhTOD
GsMM1qePltBHCD9hsIYbFc2n4iQ/CRvM1BYuXSo52nSrlUSgS7I=
=A45a
-----END PGP SIGNATURE-----




More information about the Pkg-ruby-extras-maintainers mailing list