-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Sat, 21 Apr 2018 23:42:57 +0200 Source: ruby1.9.1 Binary: ruby1.9.1 libruby1.9.1 libruby1.9.1-dbg ruby1.9.1-dev libtcltk-ruby1.9.1 ruby1.9.1-examples ri1.9.1 ruby1.9.1-full ruby1.9.3 Architecture: source all amd64 Version: 1.9.3.194-8.1+deb7u8 Distribution: wheezy-security Urgency: medium Maintainer: akira yamada <akira@debian.org> Changed-By: Santiago R.R. <santiago@riseup.net> Description: libruby1.9.1 - Libraries necessary to run Ruby 1.9.1 libruby1.9.1-dbg - Debugging symbols for Ruby 1.9.1 libtcltk-ruby1.9.1 - Tcl/Tk interface for Ruby 1.9.1 ri1.9.1 - Ruby Interactive reference (for Ruby 1.9.1) ruby1.9.1 - Interpreter of object-oriented scripting language Ruby ruby1.9.1-dev - Header files for compiling extension modules for the Ruby 1.9.1 ruby1.9.1-examples - Examples for Ruby 1.9 ruby1.9.1-full - Ruby 1.9.1 full installation ruby1.9.3 - Interpreter of object-oriented scripting language Ruby, version 1 Changes: ruby1.9.1 (1.9.3.194-8.1+deb7u8) wheezy-security; urgency=medium . * Non-maintainer upload by the LTS Team. * Fix CVE-2017-17742: HTTP response splitting in WEBrick * Fix CVE-2018-6914: Unintentional file and directory creation with directory traversal in tempfile and tmpdir * Fix CVE-2018-8777: DoS by large request in WEBrick * Fix CVE-2018-8778: Buffer under-read in String#unpack * Fix CVE-2018-8779: Unintentional socket creation by poisoned NUL byte in UNIXServer and UNIXSocket * Fix CVE-2018-8780: Unintentional directory traversal by poisoned NUL byte in Dir * Fix CVE-2018-1000075: Strictly interpret octal fields in tar headers to avoid infinite loop * Fix CVE-2018-1000076: Raise a security error when there are duplicate files in a package * Fix CVE-2018-1000077: Enforce URL validation on spec homepage attribute. * Fix CVE-2018-1000078: Mitigate XSS vulnerability in homepage attribute when displayed via gem server. Checksums-Sha1: bd04af0ce0c78473e22d61b27b4de283b675ee16 2667 ruby1.9.1_1.9.3.194-8.1+deb7u8.dsc 15e38aa12e0cbec2adb6c21d179bd3deaaa5005f 92530 ruby1.9.1_1.9.3.194-8.1+deb7u8.debian.tar.gz f334773c66674ce00339b468dcd94a6e7836cf16 233522 ruby1.9.1-examples_1.9.3.194-8.1+deb7u8_all.deb 2c5de058262a6c31874c0c3b81d6f1cd7160dec2 2177440 ri1.9.1_1.9.3.194-8.1+deb7u8_all.deb c2ca362f1b62122537ae0b1700e73056136a2da1 172378 ruby1.9.1-full_1.9.3.194-8.1+deb7u8_all.deb e23dc8df836c8a66630b7e7655e9bf389bd7e723 172928 ruby1.9.3_1.9.3.194-8.1+deb7u8_all.deb 73d76c74aa8f665b30b6863ed180767f4c4034be 209940 ruby1.9.1_1.9.3.194-8.1+deb7u8_amd64.deb cbcad5c54c9b804cb27d5b206444110eba615d3f 4415354 libruby1.9.1_1.9.3.194-8.1+deb7u8_amd64.deb 61ecc6ff81dc3182f17f95134b21bf146f2ac13a 4565212 libruby1.9.1-dbg_1.9.3.194-8.1+deb7u8_amd64.deb f3ad345809dc28e28c19269fb7e23838ba04b308 1382250 ruby1.9.1-dev_1.9.3.194-8.1+deb7u8_amd64.deb a1a09ddb7a69f70f3a87ed5386cea09883728dcf 1964394 libtcltk-ruby1.9.1_1.9.3.194-8.1+deb7u8_amd64.deb Checksums-Sha256: 50b819aab4ac515055757c1b7fa8349468d57845c1a04c09cc2385e4e7df4f32 2667 ruby1.9.1_1.9.3.194-8.1+deb7u8.dsc 28d6d1607ea43c96f485f51f1f7a8bcfbbf0e8d6bfb67d57013f48eb974c5773 92530 ruby1.9.1_1.9.3.194-8.1+deb7u8.debian.tar.gz 11c1409b9bc077d7c6688efed577fa3290f994ae2614fe3c3e5da879978995a4 233522 ruby1.9.1-examples_1.9.3.194-8.1+deb7u8_all.deb 8c72c14a290120d3a2c79c4d5569c45152dc1f88aa40d500434b9fd0274447a6 2177440 ri1.9.1_1.9.3.194-8.1+deb7u8_all.deb 694bc26f8bc01e5218d775023264e723bfe045a692f7a36b5f729a6264594a04 172378 ruby1.9.1-full_1.9.3.194-8.1+deb7u8_all.deb 3af08eaa34bd90dbdb5373cc1b8b6ed44f0c81cd725fb29e142e14a984590096 172928 ruby1.9.3_1.9.3.194-8.1+deb7u8_all.deb 00514a1354cb66671de8c0d4d48d64c217915814a072199975878397b9da934f 209940 ruby1.9.1_1.9.3.194-8.1+deb7u8_amd64.deb 0f4d01fd07cdf90cde0c6fea7dabb6b88c9005e6cec56dc19455716c656e1e46 4415354 libruby1.9.1_1.9.3.194-8.1+deb7u8_amd64.deb 19c4712da77ea9fed05670cc39522f2dcf18ba4ab2e0003cb3926089fdef35de 4565212 libruby1.9.1-dbg_1.9.3.194-8.1+deb7u8_amd64.deb a5429035f2299482d2b04275e4002cb86a59edbe8b2b840226c0f8048c8a439e 1382250 ruby1.9.1-dev_1.9.3.194-8.1+deb7u8_amd64.deb 26303c8bb0536956a0a226c31db3d3a4845902ef5b658717ab920f453b02e29b 1964394 libtcltk-ruby1.9.1_1.9.3.194-8.1+deb7u8_amd64.deb Files: 035cd64f005f50dab82154354f71d8c8 2667 ruby optional ruby1.9.1_1.9.3.194-8.1+deb7u8.dsc 34a5aa632b26dc07836416b701919b5e 92530 ruby optional ruby1.9.1_1.9.3.194-8.1+deb7u8.debian.tar.gz bf1e80f47932cbec6500f11c1e131cad 233522 ruby optional ruby1.9.1-examples_1.9.3.194-8.1+deb7u8_all.deb 223b3ddb8770e99c4227583f99dbe54d 2177440 ruby optional ri1.9.1_1.9.3.194-8.1+deb7u8_all.deb e0d87b8d715dd35f8cd6b41ba9f6d70b 172378 ruby optional ruby1.9.1-full_1.9.3.194-8.1+deb7u8_all.deb 24a6d25a2f17b54983ebccd92d0b7d6e 172928 ruby optional ruby1.9.3_1.9.3.194-8.1+deb7u8_all.deb 62290812e160746246be33928270af21 209940 ruby optional ruby1.9.1_1.9.3.194-8.1+deb7u8_amd64.deb 70d4409cc1d373f4576ad0a51dfefcde 4415354 libs optional libruby1.9.1_1.9.3.194-8.1+deb7u8_amd64.deb 49a956653a51df7db32eec7173215229 4565212 debug extra libruby1.9.1-dbg_1.9.3.194-8.1+deb7u8_amd64.deb 09ef13e57d136be960a024226e93cb17 1382250 ruby optional ruby1.9.1-dev_1.9.3.194-8.1+deb7u8_amd64.deb ae9c5bee67342d9e40b55296cdffc821 1964394 ruby optional libtcltk-ruby1.9.1_1.9.3.194-8.1+deb7u8_amd64.deb -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEEwUqnBPVvaa0NAVzHFX/a4RXx4q0FAlrdo/QACgkQFX/a4RXx 4q1grA/+P2CM9TBtFCYfxi4D/DAMRxafnejH+jDNG1RGSuHAjrdMnF+CrHBfuZn4 qRpf80aanlkvqnPg9DZAURFbpkVT7msBEbwUBtETvmSEt6kmrnjA+YLO4RWCvfvv 3zc+HgZBK3p59DpI5ug8vdFRnyPbz8Hegz2uh51jq7K4uwdfLOdyBIqtZtzB+f+c NnMeG1U1P9kKcqb+MRQ1Tx7BULGHe4z4Q+RPHeNlLr2CEH7u6Icaz05gTgpPzpsS 0XXlaJCJfoDFEe7bpgtxl/jRs8t7S1NZKpTkXsOV82SONlSwm7+dke9LqwVSedd3 bGywDWXNMlYiaKnjhhtq6HsY+WnrM4nHGtAskIHYSdcu5iFELgYIljJgG3DsPzEe MGohKlbxqj8bjU3CdbXi8wDTfk8YJXMK/dciLaOVifh+QRB2Xdyzi53mWl5DVC49 N6qu2OPlWZUekG4A0Q3k2kcZIuu0HerdF7hJ11r/tbVTNMF3cjusz+hewzAGtRcM xpSwdLhwTexcY2vNWQVwgQkcpbRH/KspAgL6Msvru/R5njJl/Z6+KM5QDNAO19Bo Oku9XBvJtpWhwAIH44gN1pAVQi2hvviHXniS/rKDm51W2D3KQNrITnWZuVXaisUv 1ihQ3QLZ+cZCYEmZg+DHwV2wxWJPnxv4me/zpwNYeE/ssdeunds= =2pPG -----END PGP SIGNATURE-----