Debian Package Tracker

From: Salvatore Bonaccorso <carnil@debian.org>
To: <debian-changes@lists.debian.org>
Subject: Accepted ruby2.5 2.5.5-3+deb10u1 (source) into proposed-updates->stable-new, proposed-updates
Date: Sat, 21 Dec 2019 16:32:46 +0000
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Sun, 15 Dec 2019 13:58:03 +0100
Source: ruby2.5
Architecture: source
Version: 2.5.5-3+deb10u1
Distribution: buster-security
Urgency: high
Maintainer: Debian Ruby Team <pkg-ruby-extras-maintainers@lists.alioth.debian.org>
Changed-By: Salvatore Bonaccorso <carnil@debian.org>
Changes:
 ruby2.5 (2.5.5-3+deb10u1) buster-security; urgency=high
 .
   * Non-maintainer upload by the Security Team.
   * Fix for wrong fnmatch patttern (CVE-2019-15845)
   * Loop with String#scan without creating substrings (CVE-2019-16201)
   * WEBrick: prevent response splitting and header injection (CVE-2019-16254)
   * lib/shell/command-processor.rb (Shell#[]): prevent unknown command
     (CVE-2019-16255)
Checksums-Sha1: 
 2576359bfad7c22b654a25d5aca38baedd83ae63 2608 ruby2.5_2.5.5-3+deb10u1.dsc
 c477ffe8f8ed605036df6c8892bd3c800b8e9722 10208264 ruby2.5_2.5.5.orig.tar.xz
 4897cbfd09e55e82d47083379e038f6c10cb734f 119656 ruby2.5_2.5.5-3+deb10u1.debian.tar.xz
Checksums-Sha256: 
 7c59735c043b5ebc88dca195f40c100077202d8dbef10208e50f7bf3bcbbb467 2608 ruby2.5_2.5.5-3+deb10u1.dsc
 a49a222bbeeeb0191ae043a509cd05137869f971a33fef74d3c0aaae95170877 10208264 ruby2.5_2.5.5.orig.tar.xz
 488574edc65235db252422bbaeaae0a46a47bbc61a4e8b6a2154d296f6229207 119656 ruby2.5_2.5.5-3+deb10u1.debian.tar.xz
Files: 
 93129d2aa6c5a85481ef028f47c13b1d 2608 ruby optional ruby2.5_2.5.5-3+deb10u1.dsc
 9a1922884905ac8be7ddf8de1408472d 10208264 ruby optional ruby2.5_2.5.5.orig.tar.xz
 8f7a9b6aeff5b8b10e321b6844b98e36 119656 ruby optional ruby2.5_2.5.5-3+deb10u1.debian.tar.xz

-----BEGIN PGP SIGNATURE-----

iQKmBAEBCgCQFiEERkRAmAjBceBVMd3uBUy48xNDz0QFAl32MS5fFIAAAAAALgAo
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDQ2
NDQ0MDk4MDhDMTcxRTA1NTMxRERFRTA1NENCOEYzMTM0M0NGNDQSHGNhcm5pbEBk
ZWJpYW4ub3JnAAoJEAVMuPMTQ89E1+cP/jfVm00nV7e4AH/wyTM1LmGo3lC2ofmS
zc/ZkgEYAUIyhiRZewQAJz6HjKyaBBi7RR1Gah4xUKZ0jT7g1B+lIEOIRJqNfIRC
iDcea8GniOlNH9kT1paXhK/jWsHhpYmbe3+T6UOkxbOf2U+ccTIK5oaHjXKTWTTm
GmLzfmTuOZo1aZ2GZ1DFZUgf04JvYApSsYQwmNMV3gAl71741x69W0gD+ojESUx5
7BsGrg863P10OLfdqiW1PLuS9XDvjLVJ7+o2bI8WuBFu7jeXCyAaB9pWGGXaZFx/
poNRoI3CtfOUCtGxqtvbviQ8ZN+VHAZ2+2y+eRpxq/PK+Pyh9lm6Z3xKjOOguyL3
1vNaKugQHW/HiFgxg981jtwx6qzsE0Sj6DDIRi1hWar+4dArfWqNezrmtXiOLasg
zf02PorpF0vRvw8XCdrh2uZh1FdbbXsHfv+lulN/GHy4nemsOqC4eHp9CimKxtle
GgbAAdOgPgLG/jioVczy60STQMMsUP3M8JhWOAK+n9ajDlXLvCb5fIP2uTatBXRK
ldtnP1XdL1bXFIeRN9qggAv8ZH7jKjnlm3Qp53hvoS1iuygHXWA0TMSXadQPxjJQ
aRtuY2m3a42BErtLpTGvyc2hI3TScmwLrhTpSC0xuUFM+BToUi1t2iG1sExieYrI
qYpJhsv0hsGV
=yXuv
-----END PGP SIGNATURE-----
News for package ruby2.5
