
[SECURITY] [DLA 1114-1] ruby1.9.1 security update




Package        : ruby1.9.1
Version        : 1.9.3.194-8.1+deb7u6
CVE ID         : CVE-2017-0898 CVE-2017-0899 CVE-2017-0900 CVE-2017-0901 
                 CVE-2017-10784 CVE-2017-14033 CVE-2017-14064
Debian Bug     : 873802 873906 875928 875931 875936

Multiple vulnerabilities were discovered in the Ruby 1.9 interpreter.

CVE-2017-0898

    Buffer underrun vulnerability in Kernel.sprintf

CVE-2017-0899

    ANSI escape sequence vulnerability

CVE-2017-0900

    DoS vulnerability in the query command

CVE-2017-0901

    gem installer allows a malicious gem to overwrite arbitrary files

CVE-2017-10784

    Escape sequence injection vulnerability in the Basic
    authentication of WEBrick

CVE-2017-14033

    Buffer underrun vulnerability in OpenSSL ASN1 decode

CVE-2017-14064

    Heap exposure vulnerability in generating JSON

For Debian 7 "Wheezy", these problems have been fixed in version
1.9.3.194-8.1+deb7u6.

We recommend that you upgrade your ruby1.9.1 packages.

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS

