Format: 1.8
Date: Wed, 12 Oct 2022 15:00:36 +0200
Source: rexical
Architecture: source
Version: 1.0.5-2+deb10u1
Distribution: buster-security
Urgency: high
Maintainer: Debian Ruby Extras Maintainers <pkg-ruby-extras-maintainers@lists.alioth.debian.org>
Changed-By: Sylvain Beucler <beuc@debian.org>
Closes: 940905
Changes:
 rexical (1.0.5-2+deb10u1) buster-security; urgency=high
 .
   * Non-maintainer upload by the LTS Security Team.
   * CVE-2019-5477: command injection vulnerability allows commands to be
     executed in a subprocess via Ruby's `Kernel.open` method. Processes are
     vulnerable only if the undocumented method
     `Nokogiri::CSS::Tokenizer#load_file` is being called with unsafe user
     input as the filename. This vulnerability appears in code generated by
     the Rexical gem. (Closes: #940905)
Checksums-Sha1:
 c2ca9ff25a45ca7ae2b8bcfb033a5abb7f2debd2 2053 rexical_1.0.5-2+deb10u1.dsc
 2e87d248970dcc239a12e457adfaebf655e3c9c4 17142 rexical_1.0.5.orig.tar.gz
 87f173c4d3e9d1972fd623a8d3ae326f2e1a16c3 5880 rexical_1.0.5-2+deb10u1.debian.tar.xz
 bed9d79110dfa8c834ded71969ac458db930ee54 8817 rexical_1.0.5-2+deb10u1_all.buildinfo
Checksums-Sha256:
 c8c57af0a1d556ec48bd0fcd30a8bb20ca907650a028c865084da51ddf8f4744 2053 rexical_1.0.5-2+deb10u1.dsc
 0a0b479a6aa4f7ed0f066b89cd81c028d597a3c6841c7b5a7f7df21cc227e3e8 17142 rexical_1.0.5.orig.tar.gz
 560ad847246a0bfde4926aabaa651e352e76c80591256efb399f526ff8c63d1b 5880 rexical_1.0.5-2+deb10u1.debian.tar.xz
 aba1701afc32881d6dc1326636523bc55a95cdf655c4d29b9f546ecc08c20d16 8817 rexical_1.0.5-2+deb10u1_all.buildinfo
Files:
 8acc10f24a53123132655ab029c8db5a 2053 ruby optional rexical_1.0.5-2+deb10u1.dsc
 54bc7d3d96f63796533176def4d7124c 17142 ruby optional rexical_1.0.5.orig.tar.gz
 cee0b436e1b7f4ca79e492233a25f394 5880 ruby optional rexical_1.0.5-2+deb10u1.debian.tar.xz
 fe6937f32f42cc5072621c05ef963fcf 8817 ruby optional rexical_1.0.5-2+deb10u1_all.buildinfo