-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Package : ruby-nokogiri Version : 1.6.3.1+ds-1+deb8u1 CVE ID : CVE-2019-5477
A command injection vulnerability in Nokogiri allows commands to be executed in a subprocess by Ruby's `Kernel.open` method. For Debian 8 "Jessie", this problem has been fixed in version 1.6.3.1+ds-1+deb8u1. We recommend that you upgrade your ruby-nokogiri packages. Further information about Debian LTS security advisories, how to apply these updates to your system and frequently asked questions can be found at: https://wiki.debian.org/LTS -----BEGIN PGP SIGNATURE----- iQIzBAEBCAAdFiEEKpwfR8DOwu5vyB4TKpJZkldkSvoFAl2MDU4ACgkQKpJZkldk SvqM5w/+PAIhJC4VWaVsKog/4lKy/1it0Av9DUDobEmVTifN1gjEFmnQaed5HNod 9YCKkLcylUcE4e0sByGBuqcvhjCVLvUvoNtlVMVxYcTjpGH1mLCcerMKO81cDi9J vCL0H7CJDZVDVW5Sohk/UT776mS0lOfI4N4tKB1couAEO6AUNMsC3EzdzPaOXAQv MWDbo6B3HYK1Dr76AFkDqMAXNeU2LLNxzumAiGXgTnsZ2pPqpSKy49E8DKVSVaN3 yzUfdaw4T3jGAdkm0DGJHxSnFEFAeEpj7HOOpPOVY6SiazFgRN4w0zWquHxgeypQ WwvZPnZ++hZKNm/iwEZzazzUODf3+A9cvFBzoKDgwYUFW3GGAQ3Sxjo8FF/NqdsE oRtN/cU8aX6LL1PC+mqthpwKIGaI/mJqZOLW2N5l6aH6HESVpS+8LdfpEcaLCfr/ 9ZzHhd0OMK6jmqSMVXVwLLf4ZVdu7f5WIhgCG2jN6Mn9pNOpgP5ZqpACdXigfr47 aW0OSwySJ+cAk03ThgDu1YrsHk/OVtb+36J7lmbN7KZMWSSfFgqOcZl6BPRtE1uf 6YfAN7c1PgnLbzTyOF00nY6sc2V/PHPEu+mnqda5M7u/c42oczgKkIsU80rNUWEZ zu9Vp9/ExKCd8L6mbWP5gvCqmy+4fPoKeiO1me3oNFUBZ0cVVVg= =0wXO -----END PGP SIGNATURE-----
