-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Package : ruby-yajl Version : 1.1.0-2+deb7u1 CVE ID : CVE-2017-16516 Debian Bug : 880691
A vulnerability was found in ruby-yajl, an interface to Yajl, a JSON stream-based parser library. When a crafted JSON file is supplied to Yajl::Parser.new.parse, the whole ruby process crashes with a SIGABRT in the yajl_string_decode function in yajl_encode.c. This may result in a denial of service. For Debian 7 "Wheezy", these problems have been fixed in version 1.1.0-2+deb7u1. We recommend that you upgrade your ruby-yajl packages. Further information about Debian LTS security advisories, how to apply these updates to your system and frequently asked questions can be found at: https://wiki.debian.org/LTS -----BEGIN PGP SIGNATURE----- iQKTBAEBCgB9FiEErPPQiO8y7e9qGoNf2a0UuVE7UeQFAloDhhpfFIAAAAAALgAo aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEFD RjNEMDg4RUYzMkVERUY2QTFBODM1RkQ5QUQxNEI5NTEzQjUxRTQACgkQ2a0UuVE7 UeTBJA/+PJWkDYYIwEJFWlOVuAh1Fw0LhJMcC2zvpsntzznnKd7LquKn+pEK4wRX D8ymltb/LtkMtzPWTVvmLiKL7a6YlhWzqZiJ+tDMgS6oOdcUVwGTnXlcVc8wv1xb OTYk6eUKVu71tpYEdcKRlOa9nB61GwRWp9jb0fjjC05SW0nXq2C7J/ovhUUEW9C+ jaBJo+eghpKK9fUm7v4uPagatz+7De7WQZ+h81853X2kp08U7d5a7zu59liAaRgl RlupNlhpfFNFJv0RT4UJkYXfV30wvDZEPK4DZnjavC3P5m9pzeJRv0oy4TIr9dDt Fux14wh1NulAtNW5ymUnG9SmGt3LrY5uVLZCAxISvQ8XUBMQxShO29Eow9+0tJMa EECxoiCnwI58BDRqwz/DYqR2xTQTNwhrBn9PhKtGVLX4fkkq1Ci3bs/y4ntnkfyT 5U2ikVqsN/gcaDm0uy/ggGrk66hrAJBsWkD9Sf0+8S0RIRSeVtBn1THnGJA7aMlr 44Z2MAH66BXCsZieIwulaAQd+KsAJLMFSyaNtp9WwT6+5IDqU+SI+nLMF2F48f0+ fTgH4mgA9LHJYnFYuR2rSUOp3TlKng+OE8/Os26NT/RAzV14KPz5k61HiG5D1H4y gu1c8nAl+6Mf3430480hL23DoV4mt6LL1w0XtVb7JFdO5O50lT0= =Q612 -----END PGP SIGNATURE-----
