[SECURITY] [DLA 2390-1] ruby-json-jwt security update
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
- -----------------------------------------------------------------------
Debian LTS Advisory DLA-2390-1 debian-lts@lists.debian.org
https://www.debian.org/lts/security/ Utkarsh Gupta
October 01, 2020 https://wiki.debian.org/LTS
- -----------------------------------------------------------------------
Package : ruby-json-jwt
Version : 1.6.2-1+deb9u2
CVE ID : CVE-2019-18848
Debian Bug : 944850
The json-jwt gem before 1.11.0 for Ruby lacks an element
count during the splitting of a JWE string.
Therefore, there was a need to explicitly specify the number
of elements when splitting a JWE string.
For Debian 9 stretch, this problem has been fixed in version
1.6.2-1+deb9u2.
We recommend that you upgrade your ruby-json-jwt packages.
For the detailed security status of ruby-json-jwt please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/ruby-json-jwt
Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS
-----BEGIN PGP SIGNATURE-----
iQIzBAEBCAAdFiEEbJ0QSEqa5Mw4X3xxgj6WdgbDS5YFAl91yf4ACgkQgj6WdgbD
S5Ymtw/+NHe8cTWW6PxYO3tJDPdhS/Ocj9hc/1Gj6Dam9TewJxSnCYY+Fzk0xcA6
394Jz0r7rw83UXOYfSN3t2gxpXh79NfMSFhDNfWq/+IvdjQRlF3z8S2UY1xuaA2o
cynqRHSjUU3JZ7alZ95/8jjTylcmE6JIucyfazF5aOvj2Wdp/PyMGgyDB8HqYCdJ
eiaprM4djs5xpkVjo9HDHkM0D1WjZbjFdUH7J65a5Sm8YpbtAmZ2qHZv4fdOqwq+
/NpZJfJxv5LQhY2gKM7mEiw7hkxuKtjle+1prEYqIITzh6R7P++XYTknQ/E5vXIv
DROg/y9dxxSfMYofSMX3VYcB1PjXh0EQRoLvb2Yf8Fwkw+pvPDmYHw8zgiIWEdAQ
VyaVZPgbQ4kbcDTBYBz7kilTFD/DoSI/VDifekAY2yscM/C29Shcf3YT+uWuET2L
roTKG8xLl+o7rAO37HFeGKdqn7oxZAgDHkoiSuTu+eps+nNt1Lj31EtkykepHa0w
jJ03L+YIXC3aJIOJ5Eo0d+xs0yVece97tCfqLOwd5xHlnlmAn29AOvYEsIStNZGz
7UZOTIDHPGVujTFkxPT/TWpfLciiPBkI7uhJ29xHoB7KLC7d86Hf32Y2SmR1wcFy
UKbFmsEMQG69TcQ5fpEj53FABtQp7P5y4SyBplFNNEvyNa043nE=
=iVkH
-----END PGP SIGNATURE-----
Reply to: