-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Format: 1.8 Date: Tue, 26 Sep 2017 14:08:42 -0400 Source: ruby1.8 Binary: ruby1.8 libruby1.8 libruby1.8-dbg ruby1.8-dev libtcltk-ruby1.8 ruby1.8-examples ri1.8 ruby1.8-full Architecture: source all amd64 Version: 1.8.7.358-7.1+deb7u4 Distribution: wheezy-security Urgency: high Maintainer: akira yamada <akira@debian.org> Changed-By: Antoine Beaupré <anarcat@debian.org> Description: libruby1.8 - Libraries necessary to run Ruby 1.8 libruby1.8-dbg - Debugging symbols for Ruby 1.8 libtcltk-ruby1.8 - Tcl/Tk interface for Ruby 1.8 ri1.8 - Ruby Interactive reference (for Ruby 1.8) ruby1.8 - Interpreter of object-oriented scripting language Ruby 1.8 ruby1.8-dev - Header files for compiling extension modules for the Ruby 1.8 ruby1.8-examples - Examples for Ruby 1.8 ruby1.8-full - Ruby 1.8 full installation Closes: 875931 875936 Changes: ruby1.8 (1.8.7.358-7.1+deb7u4) wheezy-security; urgency=high . * Non-maintainer upload by the LTS Security Team. * CVE-2017-0898: Ruby before 2.4.2, 2.3.5, and 2.2.8 is vulnerable to a malicious format string which contains a precious specifier (*) with a huge minus value. Such situation can lead to a buffer overrun, resulting in a heap memory corruption or an information disclosure from the heap. (Closes: #875936) * CVE-2017-10784: The Basic authentication code in WEBrick library in Ruby before 2.2.8, 2.3.x before 2.3.5, and 2.4.x through 2.4.1 allows remote attackers to inject terminal emulator escape sequences into its log and possibly execute arbitrary commands via a crafted user name. (Closes: #875931) Checksums-Sha1: 763f39524fff2d777750d162d6cd5b8a7be68f5f 2561 ruby1.8_1.8.7.358-7.1+deb7u4.dsc c0351f42f05d3bce76095baacb7e9610db76db7b 67643 ruby1.8_1.8.7.358-7.1+deb7u4.debian.tar.gz 9f6cd8a268f88eb7f9a684dc2b264470198980ef 345890 ruby1.8-examples_1.8.7.358-7.1+deb7u4_all.deb bd15e238358696fb9d2de9734d15ad8772cd9eed 1435378 ri1.8_1.8.7.358-7.1+deb7u4_all.deb 117200daedee4a6ff6a80fbfaf369e7714e84081 284428 ruby1.8-full_1.8.7.358-7.1+deb7u4_all.deb f1d8cc1283d83fe6d8abf5f8a4b5f2bdee42c57f 320258 ruby1.8_1.8.7.358-7.1+deb7u4_amd64.deb 52e108d61a1893ff00eb227972f8b3294114f25a 2088758 libruby1.8_1.8.7.358-7.1+deb7u4_amd64.deb 51c14565789abcb09483bb7ae9cedb10c73436ad 1739144 libruby1.8-dbg_1.8.7.358-7.1+deb7u4_amd64.deb ecc6332769b53f163f5af241d49de3c1bc64ebe3 911742 ruby1.8-dev_1.8.7.358-7.1+deb7u4_amd64.deb 33c723915c711b351a4eb60c7429f074c69fd031 2034150 libtcltk-ruby1.8_1.8.7.358-7.1+deb7u4_amd64.deb Checksums-Sha256: 73ffe85bec27dd8202fb01ed889d7a6dce4eff2d6abb1c118ac7e01c195a0250 2561 ruby1.8_1.8.7.358-7.1+deb7u4.dsc e2ff6baf1573ede08059a446abf75f1242a4378474857ca3819cc67ebcadd3e8 67643 ruby1.8_1.8.7.358-7.1+deb7u4.debian.tar.gz f74a779a46a79f82ac73745d388ae86c66bdaa3275b9132953ed7712134b70b7 345890 ruby1.8-examples_1.8.7.358-7.1+deb7u4_all.deb 9b0233822d868eaca5f29db056ee4146ef33d11f958ce11af83e71edece1b14e 1435378 ri1.8_1.8.7.358-7.1+deb7u4_all.deb 5418f782ac7381493455481c1eafb3198720a0a177e1bf2a9a848d14f672fef7 284428 ruby1.8-full_1.8.7.358-7.1+deb7u4_all.deb b19835446985343c03196a966a273ece47311dcfa5d30d7e81f8a5f97e5e01ac 320258 ruby1.8_1.8.7.358-7.1+deb7u4_amd64.deb a567224a1dd34153b9f1a31320b13622328d37988248eab03c1c5ea3df64c919 2088758 libruby1.8_1.8.7.358-7.1+deb7u4_amd64.deb 5f55451abc558d39b51e9cd1be3f9131a3fb9845b4157c545b9bafe3e85e80ea 1739144 libruby1.8-dbg_1.8.7.358-7.1+deb7u4_amd64.deb cd3d4e0fdbc4751c9dbf633011fde89a521f2420b8b47e0133596df4bd1af393 911742 ruby1.8-dev_1.8.7.358-7.1+deb7u4_amd64.deb 04584aaa149899573db5c3d9f4ca0101467c826b861547a6092d72717c138f78 2034150 libtcltk-ruby1.8_1.8.7.358-7.1+deb7u4_amd64.deb Files: 728438586e7583284caef4d4a7d97529 2561 ruby optional ruby1.8_1.8.7.358-7.1+deb7u4.dsc 070bae5a4ee6d00667a49bf4aa3e1f76 67643 ruby optional ruby1.8_1.8.7.358-7.1+deb7u4.debian.tar.gz 9f60361c453b9a5e2e4821ab64454274 345890 ruby optional ruby1.8-examples_1.8.7.358-7.1+deb7u4_all.deb d46a3813210a2bbb91ef681f1ff39b9b 1435378 ruby optional ri1.8_1.8.7.358-7.1+deb7u4_all.deb 64bab92cff6ec29395db98ddac0173b9 284428 ruby optional ruby1.8-full_1.8.7.358-7.1+deb7u4_all.deb 1182f24aba172a41d7559239246810ea 320258 ruby optional ruby1.8_1.8.7.358-7.1+deb7u4_amd64.deb 9c2f60550e7bc9f436fdf5b070a94d2c 2088758 libs optional libruby1.8_1.8.7.358-7.1+deb7u4_amd64.deb 4a13cab867b73982d1da3e8b69b9bec0 1739144 debug extra libruby1.8-dbg_1.8.7.358-7.1+deb7u4_amd64.deb 57eeca76834ae4f4a3f565abe41663ab 911742 ruby optional ruby1.8-dev_1.8.7.358-7.1+deb7u4_amd64.deb 94e231b5a4eb26ed6bfc30ac9d3a3a4f 2034150 ruby optional libtcltk-ruby1.8_1.8.7.358-7.1+deb7u4_amd64.deb -----BEGIN PGP SIGNATURE----- iQIzBAEBCAAdFiEEjckBzmQUbASK1Q+7eSFSUnt1kh4FAlnKugMACgkQeSFSUnt1 kh4vyhAAlxbwQTLK3fAKJWj0u6VEK8akTOqgfv+aKN10L/3Vscmq9uHn9ISCEQbP ZtmW4Ek3aclseWgElPOunuKaHrahgmwspcX+OGvDhSm6UwaVdE8mnh9FsIWfS0Yy gFfGNVB0RVgnMyV5W9mBYpjXIzE/dORtEkHGySeiKlfwOR5w59NXo0OOr86YKoGQ Y3IlW0BE6GyEmgxndl3cwXRvh8r6JwedfYBJoytgQyn9nWsFJrZ4UC24KKEf3Q+v Hltisj+uAm4tG1bZz8ZxJYOjW1pGSf5cD4HSAmgQFgyE20QnZhfyC4UbyZRVR4XR amoNon3622NKWzMrlnNFqQv6mKVKGFrFIxBEpCPLcN9cs77FykFq64Y3yJCJ0DPy 9xdELC2KxniQZsNY5V02IOAw5S7+lN2qnefSm5CJ0w+Niw70u1Pgm8cniDh8MCJQ QVzQxVYLxZhwci5PTUcXg7sQpD+EndLbuFgILCf/nlNLIjcmeMfGkE7xOknDeUPX oEMIbHYYvQHh20jLp/jF8AJfzTjeT5Dsf6F28y2u1xrCXCUckDihO3ebN1IMW5yb AQ02owpMJ272FeBCM2unWlU9NBkiEuEbNFNvbDzFfw0OX0hQe9VT+DsCbJTFgtbw Qs0FSe4//QeQ2n8wP/xCI9JrH4zEoGp6361/DtY/q7ctJdxBwew= =9w9s -----END PGP SIGNATURE-----