Format: 1.8
Date: Sun, 22 Oct 2017 12:45:48 -0200
Source: ruby2.3
Binary: ruby2.3 libruby2.3 ruby2.3-dev ruby2.3-doc ruby2.3-tcltk
Architecture: source amd64 all
Version: 2.3.3-1+deb9u2
Distribution: stretch-security
Urgency: high
Maintainer: Antonio Terceiro <terceiro@debian.org>
Changed-By: Antonio Terceiro <terceiro@debian.org>
Description:
 libruby2.3 - Libraries necessary to run Ruby 2.3
 ruby2.3 - Interpreter of object-oriented scripting language Ruby
 ruby2.3-dev - Header files for compiling extension modules for the Ruby 2.3
 ruby2.3-doc - Documentation for Ruby 2.3
 ruby2.3-tcltk - Ruby/Tk for Ruby 2.3
Closes: 875928 875931 875936 876377 879231
Changes:
 ruby2.3 (2.3.3-1+deb9u2) stretch-security; urgency=high
 .
   * asn1: fix out-of-bounds read in decoding constructed objects
     [CVE-2017-14033] (Closes: #875928)
     Original patch by Kazuki Yamaguchi; backported from the standalone
     openssl package
   * lib/webrick/log.rb: sanitize any type of logs
     [CVE-2017-10784] (Closes: #875931)
     Original patch by Yusuke Endoh; backported to Ruby 2.3 by Usaku NAKAMURA
   * fix Buffer underrun vulnerability in Kernel.sprintf
     [CVE-2017-0898] (Closes: #875936)
     Backported to Ruby 2.3 by Usaku NAKAMURA
   * Whitelist classes and symbols that are in Gem spec YAML
     [CVE-2017-0903] (Closes: #879231)
     Original patch by Aaron Patterson; backported from the standalone
     Rubygems package
   * thread_pthread.c: do not wakeup inside child processes
     Avoid child Ruby processes being stuck in a busy loop (Closes: #876377)
     Original patch by Eric Wong