-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Format: 1.8 Date: Thu, 31 Aug 2017 10:39:37 -0400 Source: rubygems Binary: rubygems rubygems1.8 rubygems-doc Architecture: source all Version: 1.8.24-1+deb7u1 Distribution: wheezy-security Urgency: high Maintainer: Daigo Moriwaki <daigo@debian.org> Changed-By: Antoine Beaupré <anarcat@debian.org> Description: rubygems - package management framework for Ruby libraries/applications rubygems-doc - Transitional package for rubygems rubygems1.8 - Transitional package for rubygems Closes: 873802 Changes: rubygems (1.8.24-1+deb7u1) wheezy-security; urgency=high . * Non-maintainer upload by the LTS Security Team. * CVE-2017-0901: gem installer allows a malicious gem to overwrite arbitrary files (Closes: #873802) * CVE-2017-0900: DOS vulernerability in the query command (Closes: #873802) Checksums-Sha1: 337778374d0605e42e1fd15c992674287545a210 2182 rubygems_1.8.24-1+deb7u1.dsc 30f27047e74f7943117736a0d3e224994fee0905 380101 rubygems_1.8.24.orig.tar.gz 0de08d103cc966dbb7bf777ffc81d67cbfe083f3 30358 rubygems_1.8.24-1+deb7u1.debian.tar.gz 62f1b451bc870b56b8c0d062e3c1b43bbeff069d 599468 rubygems_1.8.24-1+deb7u1_all.deb f5d63b47706635ee9761f975e528a2a232bd5a82 29458 rubygems1.8_1.8.24-1+deb7u1_all.deb 87a11f69290e9b4e8ada9e828fa61d4e890ce33a 29454 rubygems-doc_1.8.24-1+deb7u1_all.deb Checksums-Sha256: b42da3f83909bd51e29e2aa7adb29c57bdbb603db2d9a627f759876961e5604c 2182 rubygems_1.8.24-1+deb7u1.dsc 4b61fa51869b3027bcfe67184b42d2e8c23fa6ab17d47c5c438484b9be2821dd 380101 rubygems_1.8.24.orig.tar.gz 7f7a341a3c7fd2530a13beaa7f051b6c0faedee7ad900caa733c2a16ba0e71b1 30358 rubygems_1.8.24-1+deb7u1.debian.tar.gz 37de2cfa9f758c509a330e92a3ded39885b3dbc15ec50809592def1354a3380e 599468 rubygems_1.8.24-1+deb7u1_all.deb 1f29fb6076524cdb425cd6fd03112e81e310e1d40af7d19c98e2bad7551b8b2b 29458 rubygems1.8_1.8.24-1+deb7u1_all.deb 9fe70171e9e3ff0bb48753a9696044c73dc3a4cf17d21736e6ba4f441abc85cd 29454 rubygems-doc_1.8.24-1+deb7u1_all.deb Files: ba772a1fb9b9854f25dab1c71be03a13 2182 ruby optional rubygems_1.8.24-1+deb7u1.dsc 3a555b9d579f6a1a1e110628f5110c6b 380101 ruby optional rubygems_1.8.24.orig.tar.gz 48656b5211766f630e4a017315d55301 30358 ruby optional rubygems_1.8.24-1+deb7u1.debian.tar.gz b0e1bc5e0fb17643c859d78b39c2e4d6 599468 ruby optional rubygems_1.8.24-1+deb7u1_all.deb 263b24f6aa1447f7c76268e55424287b 29458 oldlibs extra rubygems1.8_1.8.24-1+deb7u1_all.deb 1a82b6b67d4263efb684b880800321b3 29454 oldlibs extra rubygems-doc_1.8.24-1+deb7u1_all.deb -----BEGIN PGP SIGNATURE----- iQIzBAEBCAAdFiEEjckBzmQUbASK1Q+7eSFSUnt1kh4FAlnKxxYACgkQeSFSUnt1 kh7t2A/7Brw7ARih1IYPZdAwnAiV+asTEdL3LoAfmML0h8OwiWwsJC62UyX2RbC5 SNpI+NxDPg3jQfjuh4Y4snRcXi9CLXL9aJYiM76dnOdd2b7DEQ2u8GZl9iuQhtR6 QdOe3BLn8BfFvKHkOUR31uuyifp0r9yoqUfVMkXQ+s84uSEXZVbOfS5aaKAPPczr PKj9v62Sx6mUvqfiCwG4qwNcmQgfPd9HiLVZ1pSCwD70+bVXWm4NwYLXWjTL55Qy CVrb4Ym/clcEWFnj+tNhW0FvqXDnk0ycGVtLqHeBuTBuhhzXVgfJB6qVMolJbBhX 2A22t8QELsUw+1+z5aZdL7NIsMw7TVwVJ9L0ic1D6Qk9Ut+WaR57svVTvAEoAseJ qplGUp+N8gDEdcH8FzkDZVnCO2oN8PAvJEbYAR+R4FXTMorb4mZAVSQYJwozFITF 0Kz/JWcz8DQsFYq3DkWQa9GethdS2s9Z++wiuAtxzeXr7SLs33cOvWJsJ2lyKKj3 34gEUKLSJUxd2iZnJLgyhPinomCvCYpRe9JBx8bYnNQH9kreuuQgNAgnf9i74rJL rnsiMVZBSnZF25UgA5JkNMpVaKcduWRjiBJ8xg0SrP+FGvnBqagz1FynkiDBLFlq NtmjXILEhfNdARvUWp187ov4zFdlU2sRy1rZvFHDPKa2BnDVETU= =ntWO -----END PGP SIGNATURE-----