Format: 1.8
Date: Sat, 02 Sep 2017 15:11:07 -0300
Source: ruby2.3
Binary: ruby2.3 libruby2.3 ruby2.3-dev ruby2.3-doc ruby2.3-tcltk
Architecture: source amd64 all
Version: 2.3.3-1+deb9u1
Distribution: stretch-security
Urgency: high
Maintainer: Antonio Terceiro <terceiro@debian.org>
Changed-By: Antonio Terceiro <terceiro@debian.org>
Description:
 libruby2.3 - Libraries necessary to run Ruby 2.3
 ruby2.3 - Interpreter of object-oriented scripting language Ruby
 ruby2.3-dev - Header files for compiling extension modules for the Ruby 2.3
 ruby2.3-doc - Documentation for Ruby 2.3
 ruby2.3-tcltk - Ruby/Tk for Ruby 2.3
Closes: 842432 864860 873802 873906
Changes:
 ruby2.3 (2.3.3-1+deb9u1) stretch-security; urgency=high
 .
   * Fix arbitrary heap exposure problem in the JSON library (Closes: #873906)
     [CVE-2017-14064]
     - Backported for Ruby 2.3 by Hiroshi SHIBATA <hsbt@ruby-lang.org>
       https://bugs.ruby-lang.org/issues/13853
   * Fix multiple security vulnerabilities in Rubygems (Closes: #873802)
     - Fix a DNS request hijacking vulnerability. Discovered by Jonathan
       Claudius, fix by Samuel Giddins. [CVE-2017-0902]
     - Fix an ANSI escape sequence vulnerability. Discovered by Yusuke Endoh,
       fix by Evan Phoenix. [CVE-2017-0899]
     - Fix a DOS vulnerability in the query command. Discovered by Yusuke
       Endoh, fix by Samuel Giddins. [CVE-2017-0900]
     - Fix a vulnerability in the gem installer that allowed a malicious gem
       to overwrite arbitrary files. Discovered by Yusuke Endoh, fix by
       Samuel Giddins. [CVE-2017-0901]
   * Fix SMTP comment injection (Closes: #864860)
     Patch by Shugo Maeda <shugo@ruby-lang.org> [CVE-2015-9096]
   * Fix IV Reuse in GCM Mode (Closes: #842432)
     Patch by Kazuki Yamaguchi <k@rhe.jp> [CVE-2016-7798]