[DRE-maint] Accepted ruby2.5 2.5.1-1 (source) into unstable
Antonio Terceiro
terceiro at debian.org
Sat Mar 31 16:34:59 UTC 2018
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Format: 1.8
Date: Sat, 31 Mar 2018 13:22:48 -0300
Source: ruby2.5
Binary: ruby2.5 libruby2.5 ruby2.5-dev ruby2.5-doc
Architecture: source
Version: 2.5.1-1
Distribution: unstable
Urgency: medium
Maintainer: Debian Ruby Team <pkg-ruby-extras-maintainers at lists.alioth.debian.org>
Changed-By: Antonio Terceiro <terceiro at debian.org>
Description:
 libruby2.5 - Libraries necessary to run Ruby 2.5
 ruby2.5 - Interpreter of object-oriented scripting language Ruby
 ruby2.5-dev - Header files for compiling extension modules for the Ruby 2.5
 ruby2.5-doc - Documentation for Ruby 2.5
Closes: 889848 892099
Changes:
 ruby2.5 (2.5.1-1) unstable; urgency=medium
 .
   * New upstream version 2.5.1.
 .
     According to the release announcement, includes fixes for the following
     security issues:
 .
     - CVE-2017-17742: HTTP response splitting in WEBrick
     - CVE-2018-6914: Unintentional file and directory creation with directory
       traversal in tempfile and tmpdir
     - CVE-2018-8777: DoS by large request in WEBrick
     - CVE-2018-8778: Buffer under-read in String#unpack
     - CVE-2018-8779: Unintentional socket creation by poisoned NUL byte in
       UNIXServer and UNIXSocket
     - CVE-2018-8780: Unintentional directory traversal by poisoned NUL byte in
       Dir
     - Multiple vulnerabilities in RubyGems
   * Refresh patches.
 .
     Patches dropped for being already applied upstream:
 .
     - 0005-Fix-tests-to-cope-with-updates-in-tzdata.patch
     - 0006-Rubygems-apply-upstream-patch-to-fix-multiple-vulner.patch
   * Add patch to fix FTBFS on ia64 (Closes: #889848)
   * Add simple autopkgtest to check for builtin extensions that are built
     against external dependencies (ssl, yaml, *dbm etc)
   * Add build-dependency on libgdbm-compat-dev (Closes: #892099)
   * debian/tests/excludes/any/TestTimeTZ.rb: ignore tests failing due to
     assumptions that don't hold on newer tzdata update. Upstream bug:
     https://bugs.ruby-lang.org/issues/14655
   * debian/libruby2.5.symbols: update with new symbol added in this release
-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----