Debian Package Tracker

From: Thorsten Alteholz <debian@alteholz.de>
To: <dispatch@tracker.debian.org> , <debian-lts-changes@lists.debian.org>
Subject: Accepted ruby2.1 2.1.5-2+deb8u8 (source amd64 all) into oldoldstable
Date: Mon, 25 Nov 2019 19:00:55 +0000
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Mon, 25 Nov 2019 19:03:02 +0100
Source: ruby2.1
Binary: ruby2.1 libruby2.1 ruby2.1-dev ruby2.1-doc ruby2.1-tcltk
Architecture: source amd64 all
Version: 2.1.5-2+deb8u8
Distribution: jessie-security
Urgency: medium
Maintainer: Antonio Terceiro <terceiro@debian.org>
Changed-By: Thorsten Alteholz <debian@alteholz.de>
Description:
 libruby2.1 - Libraries necessary to run Ruby 2.1
 ruby2.1    - Interpreter of object-oriented scripting language Ruby
 ruby2.1-dev - Header files for compiling extension modules for the Ruby 2.1
 ruby2.1-doc - Documentation for Ruby 2.1
 ruby2.1-tcltk - Ruby/Tk for Ruby 2.1
Changes:
 ruby2.1 (2.1.5-2+deb8u8) jessie-security; urgency=medium
 .
   * Non-maintainer upload by the LTS Team.
   * CVE-2019-15845
     path matching might pass in File.fnmatch and File.fnmatch? due
     to a NUL character injection
   * CVE-2019-16201
     A loop caused by a wrong regular expression could lead to a denial
     of service of a WEBrick service.
   * CVE-2019-16254
     This is the same issue as CVE-2017-17742, whose fix was not complete.
   * CVE-2019-16255
     Giving untrusted data to the first argument of Shell#[] and Shell#test
     might lead to a code injection vulnerability.
Checksums-Sha1:
 1bc43e6f0451eddf3e974a76bc6dce9d5ecccfba 2610 ruby2.1_2.1.5-2+deb8u8.dsc
 4c70a84f0e88f553235b3e0c2619c193251d4652 8026484 ruby2.1_2.1.5.orig.tar.xz
 7071bce4c4a9e85e96a4f24ce1644883178d0238 124272 ruby2.1_2.1.5-2+deb8u8.debian.tar.xz
 576df30f325f4321c2fcd18773fdc9efd55dda83 277848 ruby2.1_2.1.5-2+deb8u8_amd64.deb
 c6ac517c34073f46032eacabb681cdfc26594d0a 3285742 libruby2.1_2.1.5-2+deb8u8_amd64.deb
 1ddd56d3516ec968fe40732681ccb5330a94b0d1 1103980 ruby2.1-dev_2.1.5-2+deb8u8_amd64.deb
 1ee5f39a56d094f00b553f658dd620105ad47bb0 3378216 ruby2.1-doc_2.1.5-2+deb8u8_all.deb
 a40d5b05aa8151df86f7df1f59ff2e89291ec09f 479828 ruby2.1-tcltk_2.1.5-2+deb8u8_amd64.deb
Checksums-Sha256:
 1ab23b0495fa90c7f43d4f8024a8ad8c126b49ac5d0493e96d85ab847487758d 2610 ruby2.1_2.1.5-2+deb8u8.dsc
 0f8d9b15b38ee8b9a59dd9504404789cd8941da2c3ea079535e24f95e0f7ddc1 8026484 ruby2.1_2.1.5.orig.tar.xz
 f5361aebeac9b13656d7ba71f53c7ccc4986ae1d38e0729884c270954cde9da5 124272 ruby2.1_2.1.5-2+deb8u8.debian.tar.xz
 466b874730d89482a103a3889b54ee94974cdeb80dbb6c86f2431accf33fcd8e 277848 ruby2.1_2.1.5-2+deb8u8_amd64.deb
 977b918e6e52de8fdc4c2ae4be9104cae3fc69f551ef97bbc3c7eac582d1baa7 3285742 libruby2.1_2.1.5-2+deb8u8_amd64.deb
 e870fd505f239ab6b5d3750f9b2f8ffa313cb23c95596a55d8fba8162131f5ff 1103980 ruby2.1-dev_2.1.5-2+deb8u8_amd64.deb
 fa19885f940f3d254228601654878e3f03bcb30a4011bda969c8835a6b08a43b 3378216 ruby2.1-doc_2.1.5-2+deb8u8_all.deb
 2ddd35302d7972d40c54c9daaaa1084278af59f466bc60773874acdf984876e6 479828 ruby2.1-tcltk_2.1.5-2+deb8u8_amd64.deb
Files:
 c35575f892d09953af26a0ea3cb87e76 2610 ruby extra ruby2.1_2.1.5-2+deb8u8.dsc
 1fe7f8fe73a3deba9363f391c1083e94 8026484 ruby extra ruby2.1_2.1.5.orig.tar.xz
 126db2400d0c84792d514b04acde10b5 124272 ruby extra ruby2.1_2.1.5-2+deb8u8.debian.tar.xz
 f16fd64bdc5e97c2a3b284607fbf354a 277848 ruby extra ruby2.1_2.1.5-2+deb8u8_amd64.deb
 ff6c36997035d8d9435117d95a70be74 3285742 libs extra libruby2.1_2.1.5-2+deb8u8_amd64.deb
 61b26421fdb5480ff93df8917849bbd7 1103980 ruby extra ruby2.1-dev_2.1.5-2+deb8u8_amd64.deb
 8a3d9689e32395f884e2ebd702e5557a 3378216 doc extra ruby2.1-doc_2.1.5-2+deb8u8_all.deb
 6271ef8f2b2750bafd8592059f5626df 479828 ruby extra ruby2.1-tcltk_2.1.5-2+deb8u8_amd64.deb

-----BEGIN PGP SIGNATURE-----

iQKnBAEBCgCRFiEEYgH7/9u94Hgi6ruWlvysDTh7WEcFAl3cIZ5fFIAAAAAALgAo
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDYy
MDFGQkZGREJCREUwNzgyMkVBQkI5Njk2RkNBQzBEMzg3QjU4NDcTHGRlYmlhbkBh
bHRlaG9sei5kZQAKCRCW/KwNOHtYR6GhEACAP1MvX4oyTS6eMKmTaOC7rpbmSArr
wW/pqdgwxMzQE6TbwhmRtorRHoBs6zCoShv8L9TLj33QAnkKJ+u9OmJiPNQ1TgEi
vhMj7PrzTuZy6n71xb8CyRwWDkoa9xH9QHrQ/wL1gVBzfWT6uqp3/s9VvOPJA3C3
u6xJBdjpnXv5clHk0w43HRJRuyRC3f/Tr87IrZJCyCSD1iR+syeT/+4DOh56pG2H
Eg0xoQ6AOxtizssjwrRPYxCzoSQgs845g3hq1+fIWCkxERNwy3bEVTVTNVcRStuB
ikrlwyoMlHSgf3qUkZrGRim4/PRhELg9E4sycmFyTl63Xh4TaGBuy8t5UDl6reVZ
+pbJDbHtNKubg+7rfLxMyfoYtenDtOJhqE0KMa2M54tCwuTQ/38sH0h5hU2HZx4x
CG3JwQieCqOj0t47cU5Cz0A8YlibYr8I/pqfyTYoX65rCJkbqg/z0hLqgVKJmjbT
fea+HjvDzDjgkM9SIq2bK+BCkuAujAbI4Ey27kUVVceSnUMWTWoVISHlYG3WPBCc
lOBFRB4s0BSV67qgSvEI1rRHa9azDHE3kmQnJiOMyVLm+n+JBP5ya48EQTPYvj0O
yqshDJP0uLP7sCUVYQKifey722FndAs89YHxx41Xw8FNrKoUSJ2M3jdhhymaNgim
ve7bx9nmyDPHQQ==
=vni6
-----END PGP SIGNATURE-----
News for package ruby2.1
