Format: 1.8
Date: Sat, 31 Mar 2018 13:38:03 +0200
Source: jruby
Binary: jruby
Architecture: source all
Version: 1.5.6-5+deb7u1
Distribution: wheezy-security
Urgency: medium
Maintainer: Debian Java Maintainers <pkg-java-maintainers@lists.alioth.debian.org>
Changed-By: Santiago R.R. <santiago@riseup.net>
Description:
 jruby - 100% pure-Java implementation of Ruby
Changes:
 jruby (1.5.6-5+deb7u1) wheezy-security; urgency=medium
 .
   * Non-maintainer upload by the LTS Team.
   * Fix CVE-2018-1000075: Strictly interpret octal fields in tar headers to avoid infinite loop
   * Fix CVE-2018-1000076: Raise a security error when there are duplicate files in a package
   * Fix CVE-2018-1000077: Enforce URL validation on spec homepage attribute.
   * Fix CVE-2018-1000078: Mitigate XSS vulnerability in homepage attribute when displayed via gem server.