1. Forum
  2. Usenet
  3. LINUX.DEBIAN.CHANGES

  • Accepted ruby2.5 2.5.5-3+deb10u4 (source) into oldstable-proposed-updat

    From Debian FTP Masters@21:1/5 to All on Sat Feb 5 20:30:05 2022
    -----BEGIN PGP SIGNED MESSAGE-----
    Hash: SHA256

    Format: 1.8
    Date: Sun, 16 Jan 2022 19:56:28 +0530
    Source: ruby2.5
    Architecture: source
    Version: 2.5.5-3+deb10u4
    Distribution: buster-security
    Urgency: high
    Maintainer: Debian Ruby Team <pkg-ruby-extras-maintainers@lists.alioth.debian.org>
    Changed-By: Utkarsh Gupta <utkarsh@debian.org>
    Changes:
    ruby2.5 (2.5.5-3+deb10u4) buster-security; urgency=high
    .
    * Add patch to use File.open to fix the OS Command
    Injection vulnerability. (Fixes: CVE-2021-31799)
    * Add patch to fix StartTLS stripping vulnerability.
    (Fixes: CVE-2021-32066)
    * Add patch to ignore IP addresses in PASV responses
    by default. (Fixes: CVE-2021-31810)
    * Add length limit option for methods that parses
    date strings. (Fixes: CVE-2021-41817)
    * When parsing cookies, only decode the values.
    (Fixes: CVE-2021-41819)
    * Add patch to backport rexml upstream bug fixes.
    (Fixes: CVE-2021-28965)
    Checksums-Sha1:
    d157c9911db77f02c0d7a32d12de6f05b568d9e5 2482 ruby2.5_2.5.5-3+deb10u4.dsc
    c477ffe8f8ed605036df6c8892bd3c800b8e9722 10208264 ruby2.5_2.5.5.orig.tar.xz
    f1d779f5feda98ada6063ac8973175695b4ba191 134840 ruby2.5_2.5.5-3+deb10u4.debian.tar.xz
    08140baa34ab50a0b398023a590c8181bba77a01 6538 ruby2.5_2.5.5-3+deb10u4_source.buildinfo
    Checksums-Sha256:
    4f24aabab7c7000a37c467d136695539875265b59520786982886e0c8cffe621 2482 ruby2.5_2.5.5-3+deb10u4.dsc
    a49a222bbeeeb0191ae043a509cd05137869f971a33fef74d3c0aaae95170877 10208264 ruby2.5_2.5.5.orig.tar.xz
    cf9d286b71862c68b6e55541e03cca49584616b68d5c61da284c42e19c07f9d0 134840 ruby2.5_2.5.5-3+deb10u4.debian.tar.xz
    be6690c1e64e215331199052d69a5fa6854f44a4fe49eddfb701cf6117c09874 6538 ruby2.5_2.5.5-3+deb10u4_source.buildinfo
    Files:
    e0813a39715345d3539f21bae969eacb 2482 ruby optional ruby2.5_2.5.5-3+deb10u4.dsc
    9a1922884905ac8be7ddf8de1408472d 10208264 ruby optional ruby2.5_2.5.5.orig.tar.xz
    48083b8970b0941357f2e6b5ee7a33d5 134840 ruby optional ruby2.5_2.5.5-3+deb10u4.debian.tar.xz
    1521a65a287b3c704f56597bc4f4c80d 6538 ruby optional ruby2.5_2.5.5-3+deb10u4_source.buildinfo

    -----BEGIN PGP SIGNATURE-----

    iQJHBAEBCAAxFiEEbJ0QSEqa5Mw4X3xxgj6WdgbDS5YFAmH5IwYTHHV0a2Fyc2hA ZGViaWFuLm9yZwAKCRCCPpZ2BsNLlv33D/4yPVUr2cC8YyXwoBPo65tc79Pz9pII 6JSro6hVyqkv1NKlc0kcuqhU1RlMuJS+2QooswW3HfTziniM+ryZ/Ya2g0jxaq1Y esgWi2cDdsf1kC0cDaAfMzSAaM1K4qUo/7cYEcFqfWYRTBTlAaMrz7Urwex+azjl 49DC1/iPg8Lc/nH3YDu7aNH2e3p3iAPl01Gdf/+3WCrzB0VWQHwCOPPKdXnC4O1w 5iY0bqtAg8kz2Yq6Q6qwQFKNsIZhb+yB/KTABUsDA++Q3MCr3Fzy9IM/P+9Zhiev iRXYnDNNzfAevwXvz3K+D97Athf1tZlhXaaM1gdZcY80+28+124B+/CueGl+UxtQ uu+sdJUjk2FiGv9LdjdD73yrK35zRruNWE1aNhTwZDuP1xYgwADSuI+hJXrvaF32 pWI52/EG6alz1/XJCyfJ0KHffNJNMs9zA6H8ZIyDpO0+VOUEl/vD6Lb3il+O0omD j61Ykht1lvc6GMFcHvd8vCcf50VN04JCfzYwVF/q2djQ6wZUCY8eOqJGqjb8EKjB p9m8RRP7iGLvZJNcumsw8U5p/+ruzOEexdZBDr9reQB9EhhyqW/F0MvQc/6i/wgR KjpTBb7IqrbkidYQXH3cdPnL6GPFJaN+Yu/vAdIzyp4xUa2A2qDfBWiq1uuTEUjb 1i5ZEQlAu7s9uA==
    =HQW+
    -----END PGP SIGNATURE-----

    --- SoupGate-Win32 v1.05
    * Origin: fsxNet Usenet Gateway (21:1/5)