
[SECURITY] [DLA 2070-1] ruby-excon security update



Package        : ruby-excon
Version        : 0.33.0-2+deb8u1
CVE ID         : CVE-2019-16779
Debian Bug     : 946904


In RubyGem excon before 0.71.0, there was a race condition around
persistent connections, where a connection which is interrupted (such
as by a timeout) would leave data on the socket. Subsequent requests
would then read this data, returning content from the previous response.

For Debian 8 "Jessie", this problem has been fixed in version
0.33.0-2+deb8u1.

We recommend that you upgrade your ruby-excon packages.

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS
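
The failure mode described above, as an added example that is not part of the original advisory and is not excon's code: a constructed keep-alive client over a local socket pair, where a reply that arrives after a read timeout is returned to the next request. `PersistentClient`, `demo`, the `/alice` and `/bob` paths and the reply strings are hypothetical, and discarding the connection after an interrupted read is shown as one mitigation for this class of bug, an assumption here rather than a description of the upstream patch.

```ruby
require "socket"

# Constructed model of a keep-alive client; hypothetical, not excon's code.
class PersistentClient
  class ReadTimeout < StandardError; end

  attr_reader :server_end

  def initialize(reset_on_error:)
    @reset_on_error = reset_on_error
    connect
  end

  def connect
    @sock, @server_end = UNIXSocket.pair # local stand-in for a TCP connection
  end

  # Send one request line, then wait up to `timeout` seconds for one reply line.
  def request(path, timeout: 0.05)
    @sock.puts("GET #{path}")
    yield @server_end if block_given? # lets the demo script the peer's reply
    raise ReadTimeout unless IO.select([@sock], nil, nil, timeout)
    @sock.gets.chomp
  rescue ReadTimeout
    if @reset_on_error # hardened: never reuse a socket after an interrupted read
      @sock.close
      connect
    end
    raise
  end
end

def demo(reset_on_error:)
  client = PersistentClient.new(reset_on_error: reset_on_error)
  slow_peer = client.server_end
  begin
    client.request("/alice") # peer is slow: no reply before the timeout
  rescue PersistentClient::ReadTimeout
  end
  begin
    slow_peer.puts("body-for-/alice") # late reply arrives after the timeout
  rescue Errno::EPIPE, Errno::ECONNRESET
    # connection was torn down, so the late reply has nowhere to go
  end
  client.request("/bob") { |peer| peer.puts("body-for-/bob") }
end

puts demo(reset_on_error: false) # body-for-/alice (previous response leaks)
puts demo(reset_on_error: true)  # body-for-/bob
```
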

