Format: 1.8
Date: Sat, 15 Aug 2020 18:30:43 +0300
Source: jruby
Binary: jruby
Architecture: source
Version: 1.7.26-1+deb9u2
Distribution: stretch-security
Urgency: medium
Maintainer: Debian Java Maintainers <pkg-java-maintainers@lists.alioth.debian.org>
Changed-By: Adrian Bunk <bunk@debian.org>
Description:
 jruby - 100% pure-Java implementation of Ruby
Changes:
 jruby (1.7.26-1+deb9u2) stretch-security; urgency=medium
 .
   * Non-maintainer upload by the LTS team.
   * CVE-2017-17742, CVE-2019-16254: HTTP Response Splitting attacks in the HTTP server of WEBrick.
   * CVE-2019-16201: Regular Expression Denial of Service vulnerability of WEBrick's Digest access authentication.
   * CVE-2019-8320: Delete directory using symlink when decompressing tar.
   * CVE-2019-8321: Escape sequence injection vulnerability in verbose.
   * CVE-2019-8322: Escape sequence injection vulnerability in gem owner.
   * CVE-2019-8323: Escape sequence injection vulnerability in API response handling.
   * CVE-2019-8324: Installing a malicious gem may lead to arbitrary code execution.
   * CVE-2019-8325: Escape sequence injection vulnerability in errors.
   * CVE-2019-16255: Code injection vulnerability of Shell#[] and Shell#test.