-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Package : jruby Version : 1.5.6-5+deb7u2 CVE ID : CVE-2018-1000074
An unsafe object deserialization vulnerability was found in jruby, a 100% pure-Java implementation of Ruby. An attacker can use this flaw to run arbitrary code when gem owner is run on a specially crafted YAML file. For Debian 7 "Wheezy", these problems have been fixed in version 1.5.6-5+deb7u2. We recommend that you upgrade your jruby packages. Further information about Debian LTS security advisories, how to apply these updates to your system and frequently asked questions can be found at: https://wiki.debian.org/LTS -----BEGIN PGP SIGNATURE----- iQKTBAEBCgB9FiEErPPQiO8y7e9qGoNf2a0UuVE7UeQFAlrWes1fFIAAAAAALgAo aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEFD RjNEMDg4RUYzMkVERUY2QTFBODM1RkQ5QUQxNEI5NTEzQjUxRTQACgkQ2a0UuVE7 UeSfUw/9EySd9c4vTfZeUzuB7pS1SMI0uUFiK5/Sk4+L5wVdgjpDw4dSW2D/LEv+ ozFt1FptYFwaL7syG+TDJ8fTyq3YbsBydjYkBYgP94KpVXk0JyEgVB7gOSN0m65b xyR+4KeuGIhW1Lmgzd91dGK3qz5EHsaDIcY+faCHY0Fzx+ivjhp3fRm1J5TE3iBL qcihFks/MjpcjeS4T6s0aJnXeaNfaE+hi9xOudF1E6TjOQnusDP4NfWd3q4sEoSI ra2YP1aFZdb34APFN5oWBzsMvkp/hm0eKH/hB3pR/RxaQhAQFc3X0jvB0R6PT1c2 O69COCoP49E/b3aCghgsmV0GFQH69lRzr1ZE6bxOb3DN+gyYtmWYwkBgtSCkwoia taSfc6g3kAV+McikHICxbV+D90nxMNTr/q3AlLjOUqvMrfYhqavnS+y2Ek2rOhJm 3k4GTY6BbRMVZ/yUNV/RJGs4Nr9MBnyJMxjiGFxwnJDfGQRiB2nSYh4z7XPNkKVT DUx3nWM3hNo963LwPjGBI0ww+6fcu1Y50qHh/Nrie23e7nve2+a32Eh1ytNZ1V7j kp3QT0BrXRYLC+HbhOiDV4wvFlrH3e4/p+AfCo8F/fpziAmHwiuwvE01qvQ03ZR+ YMrC0DoJSXsFtcw5BjiNDPqrHs5SFnOw+AMgXLp6O5X897J3jzI= =Q1MM -----END PGP SIGNATURE-----
