-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Format: 1.8 Date: Mon, 27 Aug 2018 15:08:54 -0400 Source: ruby2.1 Binary: ruby2.1 libruby2.1 ruby2.1-dev ruby2.1-doc ruby2.1-tcltk Architecture: source amd64 all Version: 2.1.5-2+deb8u5 Distribution: jessie-security Urgency: medium Maintainer: Antonio Terceiro <terceiro@debian.org> Changed-By: Antoine Beaupré <anarcat@debian.org> Description: libruby2.1 - Libraries necessary to run Ruby 2.1 ruby2.1 - Interpreter of object-oriented scripting language Ruby ruby2.1-dev - Header files for compiling extension modules for the Ruby 2.1 ruby2.1-doc - Documentation for Ruby 2.1 ruby2.1-tcltk - Ruby/Tk for Ruby 2.1 Closes: 895778 Changes: ruby2.1 (2.1.5-2+deb8u5) jessie-security; urgency=medium . * Non-maintainer upload by the LTS Security Team. * CVE-2018-1000074.patch: fix Deserialization of Untrusted Data vulnerability in owner command that can result in code execution through specially crafted YAML files. (Closes: #895778) * CVE-2018-1000073.patch: fix directory traversal vulnerability * CVE-2016-2337.patch: fix arbitrary code execution in Tcl/Tk API Checksums-Sha1: a7bf3ad489ba066aadc0a897fb1eeaf703104d90 2106 ruby2.1_2.1.5-2+deb8u5.dsc 4166699118c0b9db9064da0633a9177da9e0e4bd 120260 ruby2.1_2.1.5-2+deb8u5.debian.tar.xz f4c7cecabc6da8bc5f5c695a8b95a99e7da0ad00 276640 ruby2.1_2.1.5-2+deb8u5_amd64.deb 2423c77081ff34a570de353705828e75dea003f4 3278106 libruby2.1_2.1.5-2+deb8u5_amd64.deb 1f4b4e0a220e3fb46a95c9ccb53ac351c94ad4ba 1101058 ruby2.1-dev_2.1.5-2+deb8u5_amd64.deb e35a4046193ff9dc5afef6cf6cc4cffa61eca07d 3389400 ruby2.1-doc_2.1.5-2+deb8u5_all.deb 73abe8011e1f09de21119948186c7327247aa4b6 478434 ruby2.1-tcltk_2.1.5-2+deb8u5_amd64.deb Checksums-Sha256: ea7b3d5d0730974bd635c5a870080fe0677e9b899ed199782d918376809f79ea 2106 ruby2.1_2.1.5-2+deb8u5.dsc 5a5e8cbff2b3cd056076cd5f3707e5f8f1d685273640a97ed36cb9151531cdfa 120260 ruby2.1_2.1.5-2+deb8u5.debian.tar.xz 254c0e1506b12b2c4872839a42fe73cec08b2053d268a6603650190d406865ac 276640 ruby2.1_2.1.5-2+deb8u5_amd64.deb 5cbe0b9d52ec9e8f0ecc1f361763f1188d721362bae4b63a34e30c3bfcbe2473 3278106 libruby2.1_2.1.5-2+deb8u5_amd64.deb 0fc4d284c581efedcd92c9ea3d0ebcc0bcf2cf7e7904335c113b7ffc95cc61e4 1101058 ruby2.1-dev_2.1.5-2+deb8u5_amd64.deb f994698c4642f320181f484703d134414bdf770bbd50af2b609738a3b43e10e3 3389400 ruby2.1-doc_2.1.5-2+deb8u5_all.deb d49679a1c89549e9c4c006fa1c83ccb4e43ad29d1f78365ce20f9358a5c4821e 478434 ruby2.1-tcltk_2.1.5-2+deb8u5_amd64.deb Files: 7bf15797ad2374466aeee86779476d1a 2106 ruby extra ruby2.1_2.1.5-2+deb8u5.dsc 70427b2509503bb78f82430dce8e237f 120260 ruby extra ruby2.1_2.1.5-2+deb8u5.debian.tar.xz beaf31d28026ae908d4eaa2f635815c3 276640 ruby extra ruby2.1_2.1.5-2+deb8u5_amd64.deb a849c59b83d2b493e3c28f2cbd88b544 3278106 libs extra libruby2.1_2.1.5-2+deb8u5_amd64.deb d516c43b979ed830da419cee7ab77a5b 1101058 ruby extra ruby2.1-dev_2.1.5-2+deb8u5_amd64.deb b39cbf72666281c6aaaf601a65464a9e 3389400 doc extra ruby2.1-doc_2.1.5-2+deb8u5_all.deb 972192d223fa4b39cf0d9d57a04ffa04 478434 ruby extra ruby2.1-tcltk_2.1.5-2+deb8u5_amd64.deb -----BEGIN PGP SIGNATURE----- iQEzBAEBCAAdFiEEexZCBNCWcjsBljWrPqHd3bJh2XsFAluEVNMACgkQPqHd3bJh 2Xv1mgf+KO7/SrfMueYV1haUiD+sScpH9+MhKIuJHB80wJic5I7Ck8F+0UZSc9bv WJq9utvEjLm31aWPVKxUviSbDIzsCJeFYwXyomUt0FnpZTBO8vDHJFzoRFkYuGUp VGNFl0TRnCjolp4kESUehaaO7ml7/XI3YTg06/yK2tB9KmKQhHycjUInJxei/jkr FkYgnb/pDTCmUusRpw5/GDfngoHGXt3WqQ+IDulIGcUKpRUXWaPx9pn9bIcXnnVy ydWh5uaGPXKD6US7bHSilJRTzGNYYNeQGNOJEG9H4BPEGfcb8mnDzLEF3CmZIH/J aY9BwCwkHJgIGmwJMkP+n4Zad6CS4w== =iU+h -----END PGP SIGNATURE-----