-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Format: 1.8 Date: Tue, 26 Mar 2019 17:12:34 -0300 Source: ruby2.5 Architecture: source Version: 2.5.5-1 Distribution: unstable Urgency: medium Maintainer: Debian Ruby Team <pkg-ruby-extras-maintain...@lists.alioth.debian.org> Changed-By: Antonio Terceiro <terce...@debian.org> Changes: ruby2.5 (2.5.5-1) unstable; urgency=medium . * New upstream version 2.5.5. Includes a series of bug fixes, most notably for 6 security bugs discovered in Rubygems: - CVE-2019-8320: Delete directory using symlink when decompressing tar - CVE-2019-8321: Escape sequence injection vulnerability in verbose - CVE-2019-8322: Escape sequence injection vulnerability in gem owner - CVE-2019-8323: Escape sequence injection vulnerability in API response handling - CVE-2019-8324: Installing a malicious gem may lead to arbitrary code execution - CVE-2019-8325: Escape sequence injection vulnerability in errors * Rebase patches. The following patches were applied upstream and dropped from the Debian package: - 0011-Update-for-tzdata-2018f.patch - 0012-test-update-test-certificate.patch Checksums-Sha1: 2c7beb91f17cd583a4c3b76920f24a7e39ae55e4 2421 ruby2.5_2.5.5-1.dsc c477ffe8f8ed605036df6c8892bd3c800b8e9722 10208264 ruby2.5_2.5.5.orig.tar.xz 1c57de1486192baaa86f8f93fbaeed2c15c11ba9 116440 ruby2.5_2.5.5-1.debian.tar.xz eeebf0a9dbd2e00bcf36cdc195d991f08e899d5f 6851 ruby2.5_2.5.5-1_source.buildinfo Checksums-Sha256: 4a986fcf1dae88cc8269d87bb146a3de066e4af121c48b37a3d11f29729eeb07 2421 ruby2.5_2.5.5-1.dsc a49a222bbeeeb0191ae043a509cd05137869f971a33fef74d3c0aaae95170877 10208264 ruby2.5_2.5.5.orig.tar.xz 795b86926c11246b32c45cd3b1e1e313d05b539c59d0e6532fa407efcf97b5c1 116440 ruby2.5_2.5.5-1.debian.tar.xz ac52b1a5acca1bb1a37602f0c1f2fe993d88b0aa3e97996c707e1f3fc2816326 6851 ruby2.5_2.5.5-1_source.buildinfo Files: 5bf4141c17bdd54fbc1827a691a5023d 2421 ruby optional ruby2.5_2.5.5-1.dsc 9a1922884905ac8be7ddf8de1408472d 10208264 ruby optional ruby2.5_2.5.5.orig.tar.xz f30de28cadd7629056a2179a6524732a 116440 ruby optional ruby2.5_2.5.5-1.debian.tar.xz 87afd4e6ccac96150d7a1143eecb3d8c 6851 ruby optional ruby2.5_2.5.5-1_source.buildinfo
-----BEGIN PGP SIGNATURE----- iQIzBAEBCAAdFiEEst7mYDbECCn80PEM/A2xu81GC94FAlyalPIACgkQ/A2xu81G C97GiA/+KAey/74XBLmVpWgN6og1TmxhWx6mz8aNgG8JRBppRQKNfhlB4rPNX+NZ fO8FiKqDf+yLyzvVWR6mVakHHSLCgGTiAiadTaCUt7zR/aYq3DvKhYTDWc6OdZD+ n3UHy3j1pMH2QiHiaause634N8istuZB6G/GycAYLSjj6F5FTaeMHqo2ngjCNGTz paNjHrB4sr8ImXz/yuuo1z8fl00drFt1xgPDrzVm0PjlspfZ/PL7PwxEVOnA6lPD ObQjHPMYXEXQh5c1TIaBgBevAQEmr4O7lfT669xxos6SnmGJC/Cjaj5eaOpTxjVl rEb414VTtHhe6xnczMZdrowPheR+DSXA2piRfD1vhZz2zLEpNNYWslvxFQXSqYsU X3uuKnQpdLyR/f7xY62tNce8zSSBSzfUFGRYOIOJySGLfDXR26p0m62gzS/9INik 8tqcU7xTdo4bMJzDe0EhKfAaE2nPPTq6/PcXU/xwwqqm6/1gNS9U4ShNRqDgDqh0 Jl81M0qIaoVeYOI/1A8wCBxtyfdsvP4Wat6GQhb00PkRFyCTNgVTAPyIfDeWeCQs bfZOM280HVo8TlgFtwFVmPTMApR12ZBqh2zBXhYHHlDVGR4yVSMcVXOUi7uSgawE Mov7lFziz1ufIGRoCqopJvlEJyuUt7c2MslpvNmsTdaIBOz+QSk= =JkUC -----END PGP SIGNATURE-----