-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Package : ruby-sprockets Version : 2.12.3-1+deb8u1 CVE IDs : CVE-2018-3760 Debian Bug : #901913
It was discovered that there was a discovered a path traversal flaw in ruby-sprockets, a Rack-based asset packaging system. A remote attacker could take advantage of this flaw to read arbitrary files outside an application's root directory via "file://" requests. For Debian 8 "Jessie", this issue has been fixed in ruby-sprockets version 2.12.3-1+deb8u1. We recommend that you upgrade your ruby-sprockets packages. Regards, - -- ,''`. : :' : Chris Lamb `. `'` la...@debian.org / chris-lamb.co.uk `- -----BEGIN PGP SIGNATURE----- iQIzBAEBCAAdFiEEwv5L0nHBObhsUz5GHpU+J9QxHlgFAltHH8cACgkQHpU+J9Qx HlgwoRAAsUimgKPa3g0/nHuYyX+T/J/qnmbtNTHb2fuOyTgR4UD7Ms3iY5DX8dR2 6Dtq1s7IHJmV6MOLkWo1l6hliLtIjJbM9KVaiRSgzQNeamM1Ph5NpLTrWFTYiMKj iyouN6XbWzQQvgJm6riKTpl59R/NW/v6JfiLeDNeXToXA08mq/fyIARiaF+te3nw chkGimjGjjcSsuYQmXU5TbVEdvIkTbDGSc95v644z7pLcz3cYxsoeg5Ar9ypHldd wgf97xWhK8eawIyYRUzpMifkuNM2xa57wiwVdKjoRouBqNAnHrjUxEndiVGJAWWT 7wQbFfMPhNvApwpBbTchR4h6Ux+M3YM/+hEuDUF0v3QsUoORuxMVd4qLjD1nn41j YMKUrLaju7rM/lYI5tJCoU7bAI24wzKE8sjqZvEYzmzUPNLnge+kRb7ap/XK5FUn Ebtp4VFcw6YH/MYbxYpc1gQttdfFAW1sRIX2TzOAp95p5kY5w4ASfUnWLgth5vGr FgNN5liP26kLREBuble746C0SKJkw5exOzmQbbeu/3KXGHNfvYTf4YQPGI44UoXu HfmL0BInK1Mf8+bED7VE2DbS42ujqK9rq6ptRtzba1CC3pYA512nA8O2DAvEKb6p 9PRm9OG8ZEWZhVYrDSWuqYxij5mOD3k8uExWf1BreUP0TVpExwg= =hBjz -----END PGP SIGNATURE-----