Debian alert DLA-1113-1 (ruby1.8)
| From: | Antoine Beaupré <anarcat@debian.org> | |
| To: | debian-lts-announce@lists.debian.org | |
| Subject: | [SECURITY] [DLA 1113-1] ruby1.8 security update | |
| Date: | Tue, 26 Sep 2017 17:16:42 -0400 | |
| Message-ID: | <20170926211642.fmd6omyvpgdbiayb@curie.anarc.at> |
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Package : ruby1.8 Version : 1.8.7.358-7.1+deb7u4 CVE ID : CVE-2017-0898 CVE-2017-10784 Debian Bug : 875931 875936 Some vulnerabilities were found in the Ruby 1.8 package that affects the LTS distribution. CVE-2017-0898 Buffer underrun vulnerability in Kernel.sprintf CVE-2017-10784 Escape sequence injection vulnerability in the Basic authentication of WEBrick For Debian 7 "Wheezy", these problems have been fixed in version 1.8.7.358-7.1+deb7u4. We recommend that you upgrade your ruby1.8 packages. Further information about Debian LTS security advisories, how to apply these updates to your system and frequently asked questions can be found at: https://wiki.debian.org/LTS -----BEGIN PGP SIGNATURE----- iQIzBAEBCAAdFiEEjckBzmQUbASK1Q+7eSFSUnt1kh4FAlnKw5kACgkQeSFSUnt1 kh76xw//X3A9hfj22LzAG80ow+oDC/WQx8cEBs3KS974ng2UIIV8O0Qpt2Fkl29K ue7aCPnc9GrmWeIAFO4xpmwr9heU4DcHlqPBxyCGTyWSUEvl4zW8AwByxr5WVCkV b+D6+gifS5pM+lE+SvqaoKD8NSmG3/IqoNstkoft6zTGhjF2L1nW1fxUqCoMcbVl zNz008op72pM7ZgzOVGmg7M7Xak0nohRrScUvhqXgfgdGv4XtYPzRHLVQ2Sg0nM1 myuxy9OcqQdoAy+VoU7KnremJsF9XFGgfPuFRdQLK7u2qxCcAKrw+B0wBxCS6dZG gTuDoXba/o8dkpRgmHGHuscQe0NxirgMRzysJ8bvUxpeF6aPvKR9rv5qlmvuSyvb MRq38ynO/KICXSgFJl8CETu6zHYPv1kV2LmnQ5F19vDnMRouIJyMTY+fGs4t2Wyw VrHNeQxed+ekDE9b4qvYCzR8sUO6S1bx/n3BO5l7WFLsGnUlTcv1nmQIu1dcGJgx vvplr7WA11M298YytCx8MQZ52IQXmmo9VGDqIYdh1oaUyl7tfFGEiPLMmtB9FQsz bYcKnogY8URyyhWsouuY2fBWADZEY4BuikI/Pm5WSPXi3GwcDX2XQDE+M1ia9kGC jo0sh/DkCfstWC9v3itpFCJd7uzxavA3vKlrCAZ9A2VL+QAqgHQ= =Snet -----END PGP SIGNATURE-----