Format: 1.8
Date: Sat, 31 Mar 2018 13:22:48 -0300
Source: ruby2.5
Binary: ruby2.5 libruby2.5 ruby2.5-dev ruby2.5-doc
Architecture: source
Version: 2.5.1-1
Distribution: unstable
Urgency: medium
Maintainer: Debian Ruby Team <pkg-ruby-extras-maintainers@lists.alioth.debian.org>
Changed-By: Antonio Terceiro <terceiro@debian.org>
Description:
 libruby2.5 - Libraries necessary to run Ruby 2.5
 ruby2.5 - Interpreter of object-oriented scripting language Ruby
 ruby2.5-dev - Header files for compiling extension modules for the Ruby 2.5
 ruby2.5-doc - Documentation for Ruby 2.5
Closes: 889848 892099
Changes:
 ruby2.5 (2.5.1-1) unstable; urgency=medium
 .
   * New upstream version 2.5.1.
 .
     According to the release announcement, includes fixes for the following
     security issues:
 .
     - CVE-2017-17742: HTTP response splitting in WEBrick
     - CVE-2018-6914: Unintentional file and directory creation with
       directory traversal in tempfile and tmpdir
     - CVE-2018-8777: DoS by large request in WEBrick
     - CVE-2018-8778: Buffer under-read in String#unpack
     - CVE-2018-8779: Unintentional socket creation by poisoned NUL byte in
       UNIXServer and UNIXSocket
     - CVE-2018-8780: Unintentional directory traversal by poisoned NUL byte
       in Dir
     - Multiple vulnerabilities in RubyGems
   * Refresh patches.
 .
     Patches dropped for being already applied upstream:
 .
     - 0005-Fix-tests-to-cope-with-updates-in-tzdata.patch
     - 0006-Rubygems-apply-upstream-patch-to-fix-multiple-vulner.patch
   * Add patch to fix FTBFS on ia64 (Closes: #889848)
   * Add simple autopkgtest to check for builtin extensions that are built
     against external dependencies (ssl, yaml, *dbm etc)
   * Add build-dependency on libgdbm-compat-dev (Closes: #892099)
   * debian/tests/excludes/any/TestTimeTZ.rb: ignore tests failing due to
     assumptions that don't hold on newer tzdata update.
     Upstream bug: https://bugs.ruby-lang.org/issues/14655
   * debian/libruby2.5.symbols: update with new symbol added in this release
Checksums-Sha1:
 ffab60462ff0106f896effb97b0c6fc5f6fd6d6b 2396 ruby2.5_2.5.1-1.dsc
 e95ff19092f2026b161e6e6d7759489d646e10aa 15669354 ruby2.5_2.5.1.orig.tar.gz
 bb278f38ac79739b01c7b73e18659b5c237475c6 101248 ruby2.5_2.5.1-1.debian.tar.xz
 e47b70daaaff8144f9efc0988dfb43081eeee5c7 6419 ruby2.5_2.5.1-1_source.buildinfo
Checksums-Sha256:
 7435915706d3ec3ee701e2e48186a3561e7b7d72f2534ea1db81f707f848d6a8 2396 ruby2.5_2.5.1-1.dsc
 d690140ba5b91b23d990dad9170fca8ef8e9e5ac8b62f1eb7a84ecf1edce2ed3 15669354 ruby2.5_2.5.1.orig.tar.gz
 b6a1bcae7ef73639d50819d39047cc4c2f491644f3399b5fb5cbbf793264fe45 101248 ruby2.5_2.5.1-1.debian.tar.xz
 4aa400cfb4a70229125e6b442eecb5531807c82bba6afcc0ef16c0cffd86cb34 6419 ruby2.5_2.5.1-1_source.buildinfo
Files:
 efa9d5f75ab65e7c7676035379a16128 2396 ruby optional ruby2.5_2.5.1-1.dsc
 2a2c44e4d1c573006c17d9d0ef82afe3 15669354 ruby optional ruby2.5_2.5.1.orig.tar.gz
 63021d08b85b26cdf3e09c85149d1023 101248 ruby optional ruby2.5_2.5.1-1.debian.tar.xz
 417dac07bcca2522f2ae9814c99ee09b 6419 ruby optional ruby2.5_2.5.1-1_source.buildinfo