-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Sun, 06 Jun 2021 15:38:07 +0200
Source: ruby-nokogiri
Binary: ruby-nokogiri
Architecture: source
Version: 1.6.8.1-1+deb9u1
Distribution: stretch-security
Urgency: high
Maintainer: Debian Ruby Extras Maintainers <pkg-ruby-extras-maintainers@lists.alioth.debian.org>
Changed-By: Markus Koschany <apo@debian.org>
Description:
 ruby-nokogiri - HTML, XML, SAX, and Reader parser for Ruby
Changes:
 ruby-nokogiri (1.6.8.1-1+deb9u1) stretch-security; urgency=high
 .
   * Non-maintainer upload by the LTS team.
   * Fix CVE-2020-26247:
     Nokogiri is a Rubygem providing HTML, XML, SAX, and Reader parsers with
     XPath and CSS selector support. An XXE vulnerability was found in
     Nokogiri. XML Schemas parsed by Nokogiri::XML::Schema were trusted by
     default, allowing external resources to be accessed over the network,
     potentially enabling XXE or SSRF attacks. The new default behavior is to
     treat all input as untrusted. See also
     https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-vr8q-g5c7-m54m
     for more information on how to mitigate the problem or to restore the old
     behavior again.
-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----