-------------------------------------------------------------------------
Debian LTS Advisory DLA-3408-1                debian-...@lists.debian.org
https://www.debian.org/lts/security/                          Adrian Bunk
April 30, 2023                                https://wiki.debian.org/LTS
-------------------------------------------------------------------------

Package        : jruby
Version        : 9.1.17.0-3+deb10u1
CVE ID         : CVE-2017-17742 CVE-2019-16201 CVE-2019-16254 CVE-2019-16255
                 CVE-2020-25613 CVE-2021-31810 CVE-2021-32066 CVE-2023-28755
                 CVE-2023-28756
Debian Bug     : 972230 1014818

Several vulnerabilities were fixed in JRuby, a Java implementation of
the Ruby programming language.

CVE-2017-17742
CVE-2019-16254

    HTTP Response Splitting attacks in the HTTP server of WEBrick.

CVE-2019-16201

    Regular Expression Denial of Service vulnerability of WEBrick's
    Digest access authentication.

CVE-2019-16255

    Code injection vulnerability of Shell#[] and Shell#test.

CVE-2020-25613

    HTTP Request Smuggling attack in WEBrick.

CVE-2021-31810

    Trusting FTP PASV responses vulnerability in Net::FTP.

CVE-2021-32066

    Net::IMAP did not raise an exception when StartTLS fails with an
    unknown response.

CVE-2023-28755

    Quadratic backtracking on invalid URI.

CVE-2023-28756

    The Time parser mishandled invalid strings that have specific
    characters.

For Debian 10 buster, these problems have been fixed in version
9.1.17.0-3+deb10u1.

We recommend that you upgrade your jruby packages.

For the detailed security status of jruby please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/jruby

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS