[SECURITY] [DLA 3150-1] rexical security update
-------------------------------------------------------------------------
Debian LTS Advisory DLA-3150-1                debian-lts@lists.debian.org
https://www.debian.org/lts/security/                      Sylvain Beucler
October 12, 2022                              https://wiki.debian.org/LTS
-------------------------------------------------------------------------

Package        : rexical
Version        : 1.0.5-2+deb10u1
CVE ID         : CVE-2019-5477
Debian Bug     : 940905

A command injection vulnerability was found in Rexical, a lexical
scanner generator for the Ruby programming language. Processes are
vulnerable only if the undocumented method
`Nokogiri::CSS::Tokenizer#load_file` is being called with unsafe user
input as the filename. This vulnerability appears in code generated by
the Rexical gem.

For Debian 10 buster, this problem has been fixed in version
1.0.5-2+deb10u1.

We recommend that you upgrade your rexical packages.

For the detailed security status of rexical please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/rexical

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS
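
Since the advisory places the flaw in code generated by Rexical, lexer files generated earlier are worth checking alongside the package version. The following is an added example, not part of the advisory or of Rexical: it scans Ruby sources for a `load_file` method that still hands its filename to a bare `open()`. The sample lexer is constructed, and the assumption that regenerated code uses `File.open` instead does not come from this advisory.

```ruby
# Added example: flag generated lexers whose load_file still calls a bare open().
# Kernel#open can spawn a subprocess for a name starting with "|"; File.open cannot.
BARE_OPEN = /(?<![\w.])open\s*\(|\bKernel\.open\b/

# Constructed sample shaped like a generated lexer (not copied from any project).
VULN_SAMPLE = <<~'RUBY'
  class SampleLexer
    def load_file( filename )
      @filename = filename
      open(filename, "r") do |f|
        scan_setup(f.read)
      end
    end
  end
RUBY
# Assumed shape of the regenerated code: the same method using File.open.
FIXED_SAMPLE = VULN_SAMPLE.sub('open(', 'File.open(')

# Return [[line_number, text], ...] for bare open() calls inside `def load_file`.
def unsafe_load_file_lines(source)
  findings = []
  indent = nil # indentation of the enclosing `def load_file`, nil when outside it
  source.each_line.with_index(1) do |line, no|
    if indent.nil?
      m = line.match(/^(\s*)def\s+load_file\b/)
      indent = m[1] if m
    elsif line =~ /^#{Regexp.escape(indent)}end\b/
      indent = nil # the `end` at the def's own indentation closes the method
    elsif !line.strip.start_with?('#') && line =~ BARE_OPEN
      findings << [no, line.strip]
    end
  end
  findings
end

# Scan every .rb file under root; binread avoids encoding errors on odd files.
def scan_tree(root)
  Dir.glob(File.join(root, '**', '*.rb')).sort.each_with_object({}) do |path, out|
    hits = unsafe_load_file_lines(File.binread(path))
    out[path] = hits unless hits.empty?
  end
end

if __FILE__ == $PROGRAM_NAME
  found = ARGV.empty? ? { '(sample)' => unsafe_load_file_lines(VULN_SAMPLE) } : scan_tree(ARGV[0])
  found.each { |path, hits| hits.each { |no, text| puts "#{path}:#{no}: #{text}" } }
end
```

Run it with a source directory as the only argument; the check is line-based, so a one-line `def load_file ... end` or an `open` call written without parentheses is not detected.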