-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Mon, 09 Dec 2019 21:33:31 +0100 Source: jruby Binary: jruby Architecture: source all Version: 1.5.6-9+deb8u2 Distribution: jessie-security Urgency: high Maintainer: Debian Java Maintainers <pkg-java-maintain...@lists.alioth.debian.org> Changed-By: Markus Koschany <a...@debian.org> Description: jruby - 100% pure-Java implementation of Ruby Changes: jruby (1.5.6-9+deb8u2) jessie-security; urgency=high . * Non-maintainer upload by the LTS team. * Fix CVE-2019-16201, CVE-2019-16254, CVE-2019-16255 and CVE-2017-17742. Several security vulnerabilities were found in Ruby that also affected Debian's JRuby package, a pure-Java implementation of Ruby. Attackers were able to call arbitrary Ruby methods, cause a denial-of-service or inject input into HTTP response headers when using the WEBrick module. Checksums-Sha1: 57f8042f7515e23d0498bf22acd178f941609e67 2494 jruby_1.5.6-9+deb8u2.dsc 5acc12215e0d46b075e89fba1d810060a4203674 39092 jruby_1.5.6-9+deb8u2.debian.tar.xz 8937bf1b1d92e0736a2ef4797784aec27e2fb7b9 7829904 jruby_1.5.6-9+deb8u2_all.deb Checksums-Sha256: b68453839d5687d709708b539a0c0e93b2e5d2d41fb336f33c00a722c5b01f1b 2494 jruby_1.5.6-9+deb8u2.dsc f59bf5705ddd67ae5dcf237febf6f8d7524d65863198fed7aad76b5a4f70f60f 39092 jruby_1.5.6-9+deb8u2.debian.tar.xz ed29fbfe9f79431d571c9f29510006b364e892c2bb3f90624017a1dc57ed9b12 7829904 jruby_1.5.6-9+deb8u2_all.deb Files: 83c22a6ec0eec64d303e1ab0d837d241 2494 ruby optional jruby_1.5.6-9+deb8u2.dsc 3957020d914ea2a96ddc4a43d4a79cbe 39092 ruby optional jruby_1.5.6-9+deb8u2.debian.tar.xz b238a60ff32d5f8e161b63b8e2edf2ed 7829904 ruby optional jruby_1.5.6-9+deb8u2_all.deb
-----BEGIN PGP SIGNATURE----- iQKjBAEBCgCNFiEErPPQiO8y7e9qGoNf2a0UuVE7UeQFAl3viIhfFIAAAAAALgAo aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEFD RjNEMDg4RUYzMkVERUY2QTFBODM1RkQ5QUQxNEI5NTEzQjUxRTQPHGFwb0BkZWJp YW4ub3JnAAoJENmtFLlRO1HkMFIP/2iuk7IF+PXW+l7eL7+ebBHL2W49QdGWcPsh gwAf9IBvYBR0XyNm4+GwoD541bPF3P2rgQBkf+Ia6bja3AkjOcdWI21Z55LxRkze uWaD+YqG+z5tMDH9gpfCHntegWpm7j3S7FXvVADTAUtKbg7wvVzhSEtvHmC0xqED ryC89WYUoiASfg/DY+CImMes6SpRS1PCF3tC3WWKONS8fjBVw2ovT/7jPK+P9I0K wC/r3WF03wA9LGkhaH175ZNMrIu1Rp6h55oTCpNYNcWPWnRY7YdmqlenzbdreSkn zL941G81RmGJ0TmYrgeYd5FoiqdGziLtVZTFG3871rigxN0YdOJdwoU5c+0xeQiL nN905SCrzeyrbnotOSkqCj7c6gqBGEu9K60kuokzVrCIur3HRzz9LreLqtMIwFzK c2GDOgL0GtZvKVVHjv5QyBa+NYJ5Igiy28LkC5MF9TI9CH2Jk0EGrj5HstOTlARf LGpJl3VM7hR1TWgpouF6ZQeWgIcmdFqn1hI5z46+E8T4A27BFmWanSIxkG+5msBc Pd4mYedXtRxWegvLfC7bae5PqusNvKyR+qsdUxMPMtZe2+eA4pKdj2jGOjTjMPjX 76QTNjcXjoe1U3J7Lu2TfO+lOGtM1I8CjmN82w4HxZqG0rLQs70LVfR+k3nSPMOS khHyMp7e =OkFS -----END PGP SIGNATURE-----