-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Wed, 08 Nov 2017 20:27:02 +0100
Source: ruby-yajl
Binary: ruby-yajl
Architecture: source amd64
Version: 1.1.0-2+deb7u1
Distribution: wheezy-security
Urgency: high
Maintainer: Debian Ruby Extras Maintainers <pkg-ruby-extras-maintainers@lists.alioth.debian.org>
Changed-By: Markus Koschany <apo@debian.org>
Description:
 ruby-yajl - Ruby interface to Yajl, a JSON stream-based parser library
Changes:
 ruby-yajl (1.1.0-2+deb7u1) wheezy-security; urgency=high
 .
   * Non-maintainer upload by the LTS team.
   * Fix CVE-2017-16516: It was found, when a crafted JSON file is supplied to
     Yajl::Parser.new.parse, the whole ruby process crashes with a SIGABRT in
     the yajl_string_decode function in yajl_encode.c. This results in the
     whole ruby process terminating and potentially a denial of service.
Checksums-Sha1:
 013ec9d294a0487404f312f0f9e0f9fabf359eca 2294 ruby-yajl_1.1.0-2+deb7u1.dsc
 63746e6ddf9200f3276d9934fe49a76905ea1320 572261 ruby-yajl_1.1.0.orig.tar.gz
 4dbc7b6a0087c4dd9880e27bbbd571eb6690e0c4 4721 ruby-yajl_1.1.0-2+deb7u1.debian.tar.gz
 b74d56345235d0fe45b28cf9cc52360b83a46660 68590 ruby-yajl_1.1.0-2+deb7u1_amd64.deb
Checksums-Sha256:
 3745c98e8f473d6c981840b3efbdf23bbd81a1da676c3f801a6f31b8f9f5a72b 2294 ruby-yajl_1.1.0-2+deb7u1.dsc
 fbcb3848aa5d32a414710f56b829d5c3141a7c216961545a0a7536b45dc5b6d7 572261 ruby-yajl_1.1.0.orig.tar.gz
 7987034f15bdc1c89ba6272114a9b18f79a59bd24d63ca7915b437a6c36697b3 4721 ruby-yajl_1.1.0-2+deb7u1.debian.tar.gz
 7dc3fe87e063a3e51b40da3e8b003ffb04751fa0d7e4a20f9ce706dc45ee337c 68590 ruby-yajl_1.1.0-2+deb7u1_amd64.deb
Files:
 980d730fa998638945b5d96f2d4d41a7 2294 ruby optional ruby-yajl_1.1.0-2+deb7u1.dsc
 748969938fe0afd418d7b593eafb2f2a 572261 ruby optional ruby-yajl_1.1.0.orig.tar.gz
 06abc6a6a5c5680b3d80344060287f2a 4721 ruby optional ruby-yajl_1.1.0-2+deb7u1.debian.tar.gz
 47582f06ea652fc90410cdc7948f618d 68590 ruby optional ruby-yajl_1.1.0-2+deb7u1_amd64.deb

-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----