[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

[SECURITY] [DLA 2120-1] rake security update

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Package        : rake
Version        : 10.3.2-2+deb8u1
CVE ID         : CVE-2020-8130


There is an OS command injection vulnerability in Rake (a ruby make-like
utility) < 12.3.3 in Rake::FileList when supplying a filename that
begins with the pipe character `|`.

For Debian 8 "Jessie", this problem has been fixed in version
10.3.2-2+deb8u1.

We recommend that you upgrade your rake packages.

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS
-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEEmjwHvQbeL0FugTpdYS7xYT4FD1QFAl5W4/kACgkQYS7xYT4F
D1QWFg/+IjNoa8DUSKUPlUtaoCoVFGv8j2Hfo7ranLAbG3jV9WpMLZw7y4KPHt4v
QDDO5uXIzM5QmpkTuJPEl5v/k5FeoVOmzVF4J6fGO9HWNCYwZhu8g63OAv9HX3KD
4KZBbPITTPPAaDIDXut+UMfAtTD9TErGB/4Cc22QrdycE1BmlYawxOYoZ5FgwP/E
PJ/B0XilolaMO4q5Ith5VAYniRkN0DTnsm+VnTdBwDujlBkevfz90pbqVz4wwfNY
xpWPMy2Ki+rwYXRMEYe3BjWNG/4GeSSbDpzyYW3M3souhdJodzvCsg/N1Xo9Ziv6
Ds++DFxy5MtR7X/qluXYhlifhjHeocxAdeMAUlV7M9ssweVWWXUVJEaYNHdgLPxo
6bQsMdZGMMZiEr3byjMnYw9uSOEN0kQ9kRVc9Y1KxNHiZZ4rCA5rpGep889bBbQ9
R2ATzUH266YZYx87/PjHvnO/MAvJ/Uk/xjiunCKhV+Qml1Gh+IFQSk0/Nm9dUZhr
hjaAG8xCWuS4IZopD0/qqs6rDsp7dzdEDdP5NjZqdKY7wrWz86E6tMI54K1P+adu
gjfdDPdOkdWoBm9me7t259eAy2NtZdj+9vhVwonFHjt5GWGFFKzmz+oN31IbUpJ/
5UHoizfLW5E4E/TZ4Zeufwezj0NcwQ5TnOPxN/dd3Ph0/zG0eI4=
=Mtrw
-----END PGP SIGNATURE-----
Reply to: