Format: 1.8
Date: Sun, 16 Jan 2022 19:56:28 +0530
Source: ruby2.5
Architecture: source
Version: 2.5.5-3+deb10u4
Distribution: buster-security
Urgency: high
Maintainer: Debian Ruby Team <pkg-ruby-extras-maintainers@lists.alioth.debian.org>
Changed-By: Utkarsh Gupta <utkarsh@debian.org>
Changes:
 ruby2.5 (2.5.5-3+deb10u4) buster-security; urgency=high
 .
   * Add patch to use File.open to fix the OS Command Injection vulnerability.
     (Fixes: CVE-2021-31799)
   * Add patch to fix StartTLS stripping vulnerability.
     (Fixes: CVE-2021-32066)
   * Add patch to ignore IP addresses in PASV responses by default.
     (Fixes: CVE-2021-31810)
   * Add length limit option for methods that parse date strings.
     (Fixes: CVE-2021-41817)
   * When parsing cookies, only decode the values.
     (Fixes: CVE-2021-41819)
   * Add patch to backport rexml upstream bug fixes.
     (Fixes: CVE-2021-28965)