-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Format: 1.8
Date: Tue, 26 Mar 2019 17:12:34 -0300
Source: ruby2.5
Architecture: source
Version: 2.5.5-1
Distribution: unstable
Urgency: medium
Maintainer: Debian Ruby Team
<pkg-ruby-extras-maintain...@lists.alioth.debian.org>
Changed-By: Antonio Terceiro <terce...@debian.org>
Changes:
ruby2.5 (2.5.5-1) unstable; urgency=medium
.
* New upstream version 2.5.5. Includes a series of bug fixes, most notably
for 6 security bugs discovered in Rubygems:
- CVE-2019-8320: Delete directory using symlink when decompressing tar
- CVE-2019-8321: Escape sequence injection vulnerability in verbose
- CVE-2019-8322: Escape sequence injection vulnerability in gem owner
- CVE-2019-8323: Escape sequence injection vulnerability in API response
handling
- CVE-2019-8324: Installing a malicious gem may lead to arbitrary code
execution
- CVE-2019-8325: Escape sequence injection vulnerability in errors
* Rebase patches. The following patches were applied upstream and dropped
from the Debian package:
- 0011-Update-for-tzdata-2018f.patch
- 0012-test-update-test-certificate.patch
Checksums-Sha1:
2c7beb91f17cd583a4c3b76920f24a7e39ae55e4 2421 ruby2.5_2.5.5-1.dsc
c477ffe8f8ed605036df6c8892bd3c800b8e9722 10208264 ruby2.5_2.5.5.orig.tar.xz
1c57de1486192baaa86f8f93fbaeed2c15c11ba9 116440 ruby2.5_2.5.5-1.debian.tar.xz
eeebf0a9dbd2e00bcf36cdc195d991f08e899d5f 6851 ruby2.5_2.5.5-1_source.buildinfo
Checksums-Sha256:
4a986fcf1dae88cc8269d87bb146a3de066e4af121c48b37a3d11f29729eeb07 2421
ruby2.5_2.5.5-1.dsc
a49a222bbeeeb0191ae043a509cd05137869f971a33fef74d3c0aaae95170877 10208264
ruby2.5_2.5.5.orig.tar.xz
795b86926c11246b32c45cd3b1e1e313d05b539c59d0e6532fa407efcf97b5c1 116440
ruby2.5_2.5.5-1.debian.tar.xz
ac52b1a5acca1bb1a37602f0c1f2fe993d88b0aa3e97996c707e1f3fc2816326 6851
ruby2.5_2.5.5-1_source.buildinfo
Files:
5bf4141c17bdd54fbc1827a691a5023d 2421 ruby optional ruby2.5_2.5.5-1.dsc
9a1922884905ac8be7ddf8de1408472d 10208264 ruby optional
ruby2.5_2.5.5.orig.tar.xz
f30de28cadd7629056a2179a6524732a 116440 ruby optional
ruby2.5_2.5.5-1.debian.tar.xz
87afd4e6ccac96150d7a1143eecb3d8c 6851 ruby optional
ruby2.5_2.5.5-1_source.buildinfo
-----BEGIN PGP SIGNATURE-----
iQIzBAEBCAAdFiEEst7mYDbECCn80PEM/A2xu81GC94FAlyalPIACgkQ/A2xu81G
C97GiA/+KAey/74XBLmVpWgN6og1TmxhWx6mz8aNgG8JRBppRQKNfhlB4rPNX+NZ
fO8FiKqDf+yLyzvVWR6mVakHHSLCgGTiAiadTaCUt7zR/aYq3DvKhYTDWc6OdZD+
n3UHy3j1pMH2QiHiaause634N8istuZB6G/GycAYLSjj6F5FTaeMHqo2ngjCNGTz
paNjHrB4sr8ImXz/yuuo1z8fl00drFt1xgPDrzVm0PjlspfZ/PL7PwxEVOnA6lPD
ObQjHPMYXEXQh5c1TIaBgBevAQEmr4O7lfT669xxos6SnmGJC/Cjaj5eaOpTxjVl
rEb414VTtHhe6xnczMZdrowPheR+DSXA2piRfD1vhZz2zLEpNNYWslvxFQXSqYsU
X3uuKnQpdLyR/f7xY62tNce8zSSBSzfUFGRYOIOJySGLfDXR26p0m62gzS/9INik
8tqcU7xTdo4bMJzDe0EhKfAaE2nPPTq6/PcXU/xwwqqm6/1gNS9U4ShNRqDgDqh0
Jl81M0qIaoVeYOI/1A8wCBxtyfdsvP4Wat6GQhb00PkRFyCTNgVTAPyIfDeWeCQs
bfZOM280HVo8TlgFtwFVmPTMApR12ZBqh2zBXhYHHlDVGR4yVSMcVXOUi7uSgawE
Mov7lFziz1ufIGRoCqopJvlEJyuUt7c2MslpvNmsTdaIBOz+QSk=
=JkUC
-----END PGP SIGNATURE-----
