[SECURITY] [DLA 1558-1] ruby2.1 security update

To: debian-lts-announce@lists.debian.org
Subject: [SECURITY] [DLA 1558-1] ruby2.1 security update
From: Thorsten Alteholz <debian@alteholz.de>
Date: Sun, 28 Oct 2018 22:37:32 +0100 (CET)
Message-id: <[🔎] alpine.DEB.2.02.1810282236360.29801@jupiter.server.alteholz.net>
Mail-followup-to: debian-lts@lists.debian.org
Reply-to: debian-lts@lists.debian.org

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Package        : ruby2.1
Version        : 2.1.5-2+deb8u6
CVE ID         : CVE-2018-16395 CVE-2018-16396


CVE-2018-16395
     Fix for OpenSSL::X509::Name equality check.

CVE-2018-16396
     Tainted flags are not propagated in Array#pack and String#unpack
     with some directives.


For Debian 8 "Jessie", these problems have been fixed in version
2.1.5-2+deb8u6.

We recommend that you upgrade your ruby2.1 packages.

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)

iQJ8BAEBCgBmBQJb1iwcXxSAAAAAAC4AKGlzc3Vlci1mcHJAbm90YXRpb25zLm9w
ZW5wZ3AuZmlmdGhob3JzZW1hbi5uZXQ2MjAxRkJGRkRCQkRFMDc4MjJFQUJCOTY5
NkZDQUMwRDM4N0I1ODQ3AAoJEJb8rA04e1hHOHAP+wQDizPQNewsBNmCFH0YqQHc
OHiA8Va0VYEiAOKp0IZ58g1aO47vLK7oasGHElToEL2XDJCMeaFaLr1ufl+sEtw8
BepPukafZmYmQof876gHE3mZXSYuwqxfiugJ44rzBeI7ToFVkVqk559V9+6CPUUx
WZCGEnylNg7vaD2zMwxk6/2gyg7JjyUiWt1+jo7Q9PkiAmZDZxuhEFvOnV2AANqG
8DkQC7WSNFl1jcuRL5aqdlsXw3yko/IUTqEFGudJ5YH9wb22aiz72z33+T52A5PA
fDwaSfgCJLFd9woThurE/qtH+n8hDd+hIjR+5p2qMnBk2c9gRLfYdtXhWpnaqres
A5kqy6zMBKO9Ay4lgqTvzHnNmoSlUFlwkqeZ0fgIkhgQoOTY0H6IhHJhl8Nu1dsq
/H9htsoTxuyIXo3ceKdt/ALZ5bXu4JoVGcNUoR/2J3H81VM937VUsp3+GxXsstrX
mEmyffs+BWictpA2dertA11/pIcc5G90MVJjxV4PFwCgEhHfF8lDJmMKC0vowYDC
VQuYxLg2rMonBqijWuVULZ4lI0/EV/dQFoPx1LTyqWVtTdqkQMnUuFwxSChvcnWh
ALVnPjyOVWNh5fjYu0FEWha1uCerAro4ZLn9NcItkqjE1lys5IsGCxkhvInn5TBM
CWG1l7Yt5unV1Iq2NUVA
=cyYS
-----END PGP SIGNATURE-----

Reply to:

Prev by Date: [SECURITY] [DLA 1557-1] tiff security update
Next by Date: [SECURITY] [DLA 1559-1] xen security update
Previous by thread: [SECURITY] [DLA 1557-1] tiff security update
Next by thread: [SECURITY] [DLA 1559-1] xen security update
Index(es):
- Date
- Thread