-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Wed, 26 Feb 2020 21:40:04 +0100 Source: rake Binary: rake Architecture: source all Version: 10.3.2-2+deb8u1 Distribution: jessie-security Urgency: medium Maintainer: Debian Ruby Extras Maintainers <pkg-ruby-extras-maintainers@lists.alioth.debian.org> Changed-By: Dylan Aïssi <daissi@debian.org> Description: rake - ruby make-like utility Changes: rake (10.3.2-2+deb8u1) jessie-security; urgency=medium . * Non-maintainer upload by the LTS Security Team. * CVE-2020-8130: Fix an OS command injection vulnerability in Rake::FileList when supplying a filename that begins with the pipe character `|`. Checksums-Sha1: ab0e615b8cda22150be73f7c138d75471534b343 2169 rake_10.3.2-2+deb8u1.dsc 85fb6843d83492c318bea3dcac70cfd9768800e8 130432 rake_10.3.2.orig.tar.gz 3301f73c406f7b3eaffc9c168a4690ee7df8aa86 8536 rake_10.3.2-2+deb8u1.debian.tar.xz c335233fa49495aff504b30275e97225d00efeab 49202 rake_10.3.2-2+deb8u1_all.deb Checksums-Sha256: d22a24bb91b81eef9a7ab38daa5a3c3f359428dcce92f0ed042d956b00f3bf72 2169 rake_10.3.2-2+deb8u1.dsc e8428af5ee7dbffa556ad296749079551ede9c0b4737e5115d063204cbebb0e7 130432 rake_10.3.2.orig.tar.gz aac803fda587ab93fcc8d2fe076e82cd4255f8d5501177594eb218768b62e685 8536 rake_10.3.2-2+deb8u1.debian.tar.xz fd15529187f784355685a64e54d1bbe0ecc660a9d645ff24b1e0c970b2cbfdc7 49202 rake_10.3.2-2+deb8u1_all.deb Files: 2a73ef12a8aafce269a0b45a06b49285 2169 ruby optional rake_10.3.2-2+deb8u1.dsc 2005b4ecd01e372a89cab9ad4fd9c988 130432 ruby optional rake_10.3.2.orig.tar.gz 2b92e0e51e8b85979fd5f10bbd9313e8 8536 ruby optional rake_10.3.2-2+deb8u1.debian.tar.xz 732bd08ff637b43bec69d00c1729f5aa 49202 ruby optional rake_10.3.2-2+deb8u1_all.deb -----BEGIN PGP SIGNATURE----- iQJGBAEBCgAwFiEEmjwHvQbeL0FugTpdYS7xYT4FD1QFAl5W4PwSHGRhaXNzaUBk ZWJpYW4ub3JnAAoJEGEu8WE+BQ9U61UP/0pOlfsV5erbZuTh1P/WbSZtJ63SpChR 18iQtPpLVo26SDWzlK0b3X98NcIwn4Bl1qYEmEhHqX/paqjEo1dIhMV2q4f3PReR OqPM85cu9/HtwVTGCwwwKICuhRgTCcctNi97FtZKClBmZP3b9zNdAN7YCqEXzKFX zdweUrr4yFxexuaFIgTFs50Vi4JjbRcFs5KVYAyxk0rbOrZeyVCILruZP7z4OEYq VR4JCKfihozFzT2SAOBEV+Ek1Ocz3umeaIuGLnnxPhNHAgCwsIO/ajU4ZnU7++OS hpx/HcjKEchm+xnQicfe3wi2uVDgXdrgTDzu58sCIatG9wGzvlIuGsdEgrHAFNY1 BtHP66a425/abzNOl+nEdQrrh/S51rGk9tXepROgRk3zCc9axu7Qo+YdppupeAdI fnzvv9lHltRHt+UwaF+6fQqhypbHg8U4IsrutIcclIjMS0yYHh3Sai6QxtKsfb1I 4bJlZgx+O1maeo0Z6UbPuwUAY7fOmWpcf/bnszBLCrGYDRTCcQYD/UcgeMpx++ZX EW8gMK71jz3TaXFKiVep7cfhB0PcjI53L/oyG/a15TveH5IpjuDrltlZDrAh1TMv i6DN+AH2sb1Y3y497H7f67voixYCSZxAKmUwLSMEOKLA7JLCfXflYru3UX71zulN maCRKZoDI8JY =qay4 -----END PGP SIGNATURE-----
