-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Sun, 25 Mar 2018 18:09:13 +0200
Source: rubygems
Binary: rubygems rubygems1.8 rubygems-doc
Architecture: source all
Version: 1.8.24-1+deb7u2
Distribution: wheezy-security
Urgency: medium
Maintainer: Daigo Moriwaki <daigo@debian.org>
Changed-By: Santiago R.R. <santiagorr@riseup.net>
Description:
 rubygems - package management framework for Ruby libraries/applications
 rubygems-doc - Transitional package for rubygems
 rubygems1.8 - Transitional package for rubygems
Changes:
 rubygems (1.8.24-1+deb7u2) wheezy-security; urgency=medium
 .
   * Non-maintainer upload by the LTS Security Team.
   * Fix CVE-2018-1000075: Strictly interpret octal fields in tar headers
     to avoid infinite loop
   * Fix CVE-2018-1000076: Raise a security error when there are duplicate
     files in a package
   * Fix CVE-2018-1000077: Enforce URL validation on spec homepage attribute.
   * Fix CVE-2018-1000078: Mitigate XSS vulnerability in homepage attribute
     when displayed via gem server.
-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----