
[SECURITY] [DLA-1419-1] ruby-sprockets security update



-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Package        : ruby-sprockets
Version        : 2.12.3-1+deb8u1
CVE IDs        : CVE-2018-3760 
Debian Bug     : #901913

It was discovered that there was a path traversal flaw
in ruby-sprockets, a Rack-based asset packaging system. A remote
attacker could take advantage of this flaw to read arbitrary files
outside an application's root directory via "file://" requests.

For Debian 8 "Jessie", this issue has been fixed in ruby-sprockets version
2.12.3-1+deb8u1.

We recommend that you upgrade your ruby-sprockets packages.


Regards,

- -- 
      ,''`.
     : :'  :     Chris Lamb
     `. `'`      lamby@debian.org / chris-lamb.co.uk
       `-

-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----
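
A detection sketch for the request pattern the advisory describes, added here as an example and not part of the advisory or of Sprockets: it scans access-log lines for asset requests whose path, after percent-decoding, carries a "file:" scheme. The /assets/ mount prefix, the common log format, and the sample lines (with PLACEHOLDER paths) are assumptions constructed for illustration.

```ruby
# Added example: flag asset requests that carry a "file:" scheme in the path.
ASSET_PREFIX = "/assets/"  # assumption: Sprockets mounted at the usual Rails prefix
MAX_DECODE_ROUNDS = 3      # assumption: enough to undo nested percent-encoding

# Percent-decode until the string stops changing, so encoded and doubly
# encoded spellings of "file:" normalise to the same text.
def fully_decode(path)
  current = path.b
  MAX_DECODE_ROUNDS.times do
    decoded = current.gsub(/%(\h\h)/) { $1.hex.chr }
    break if decoded == current
    current = decoded
  end
  current
end

# Extract the request path from a common-log-format line, or nil.
def request_path(line)
  line[/"(?:GET|HEAD) (\S+) HTTP\/[\d.]+"/, 1]
end

# True when the decoded logical asset path has a segment starting with "file:".
def suspicious_asset_request?(line)
  path = request_path(line)
  return false unless path
  decoded = fully_decode(path)
  return false unless decoded.start_with?(ASSET_PREFIX)
  decoded.delete_prefix(ASSET_PREFIX).match?(%r{(\A|/)file:}i)
end

def flagged_lines(lines)
  lines.select { |line| suspicious_asset_request?(line) }
end

# Constructed sample log lines (documentation IP ranges, placeholder paths).
SAMPLE_LOG = [
  '203.0.113.7 - - [01/Jan/2018:10:00:01 +0000] "GET /assets/application.css HTTP/1.1" 200 5120',
  '198.51.100.9 - - [01/Jan/2018:10:00:05 +0000] "GET /assets/file:%2F%2FPLACEHOLDER HTTP/1.1" 500 0',
  '198.51.100.9 - - [01/Jan/2018:10:00:06 +0000] "GET /assets/file%253A%252F%252FPLACEHOLDER HTTP/1.1" 500 0',
  '203.0.113.7 - - [01/Jan/2018:10:00:09 +0000] "GET /assets/profile:icon.png HTTP/1.1" 200 812',
].freeze

puts flagged_lines(SAMPLE_LOG) if __FILE__ == $PROGRAM_NAME
```

Hits from a log covering the period before the upgrade to 2.12.3-1+deb8u1 are worth reviewing alongside the response status and size of each flagged request.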

