Accepted ruby-yajl 1.1.0-2+deb7u1 (source amd64) into oldoldstable

To: dispatch@tracker.debian.org, debian-lts-changes@lists.debian.org
Subject: Accepted ruby-yajl 1.1.0-2+deb7u1 (source amd64) into oldoldstable
From: Markus Koschany <apo@debian.org>
Date: Wed, 08 Nov 2017 21:10:14 +0000
Message-id: <[🔎] E1eCXby-00021c-7L@seger.debian.org>
Mail-followup-to: debian-lts@lists.debian.org
Reply-to: debian-lts@lists.debian.org

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Wed, 08 Nov 2017 20:27:02 +0100
Source: ruby-yajl
Binary: ruby-yajl
Architecture: source amd64
Version: 1.1.0-2+deb7u1
Distribution: wheezy-security
Urgency: high
Maintainer: Debian Ruby Extras Maintainers <pkg-ruby-extras-maintainers@lists.alioth.debian.org>
Changed-By: Markus Koschany <apo@debian.org>
Description: 
 ruby-yajl  - Ruby interface to Yajl, a JSON stream-based parser library
Changes: 
 ruby-yajl (1.1.0-2+deb7u1) wheezy-security; urgency=high
 .
   * Non-maintainer upload by the LTS team.
   * Fix CVE-2017-16516:
     It was found, when a crafted JSON file is supplied to
     Yajl::Parser.new.parse, the whole ruby process crashes with a SIGABRT in
     the yajl_string_decode function in yajl_encode.c. This results in the whole
     ruby process terminating and potentially a denial of service.
Checksums-Sha1: 
 013ec9d294a0487404f312f0f9e0f9fabf359eca 2294 ruby-yajl_1.1.0-2+deb7u1.dsc
 63746e6ddf9200f3276d9934fe49a76905ea1320 572261 ruby-yajl_1.1.0.orig.tar.gz
 4dbc7b6a0087c4dd9880e27bbbd571eb6690e0c4 4721 ruby-yajl_1.1.0-2+deb7u1.debian.tar.gz
 b74d56345235d0fe45b28cf9cc52360b83a46660 68590 ruby-yajl_1.1.0-2+deb7u1_amd64.deb
Checksums-Sha256: 
 3745c98e8f473d6c981840b3efbdf23bbd81a1da676c3f801a6f31b8f9f5a72b 2294 ruby-yajl_1.1.0-2+deb7u1.dsc
 fbcb3848aa5d32a414710f56b829d5c3141a7c216961545a0a7536b45dc5b6d7 572261 ruby-yajl_1.1.0.orig.tar.gz
 7987034f15bdc1c89ba6272114a9b18f79a59bd24d63ca7915b437a6c36697b3 4721 ruby-yajl_1.1.0-2+deb7u1.debian.tar.gz
 7dc3fe87e063a3e51b40da3e8b003ffb04751fa0d7e4a20f9ce706dc45ee337c 68590 ruby-yajl_1.1.0-2+deb7u1_amd64.deb
Files: 
 980d730fa998638945b5d96f2d4d41a7 2294 ruby optional ruby-yajl_1.1.0-2+deb7u1.dsc
 748969938fe0afd418d7b593eafb2f2a 572261 ruby optional ruby-yajl_1.1.0.orig.tar.gz
 06abc6a6a5c5680b3d80344060287f2a 4721 ruby optional ruby-yajl_1.1.0-2+deb7u1.debian.tar.gz
 47582f06ea652fc90410cdc7948f618d 68590 ruby optional ruby-yajl_1.1.0-2+deb7u1_amd64.deb

-----BEGIN PGP SIGNATURE-----

iQKjBAEBCgCNFiEErPPQiO8y7e9qGoNf2a0UuVE7UeQFAloDb6dfFIAAAAAALgAo
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEFD
RjNEMDg4RUYzMkVERUY2QTFBODM1RkQ5QUQxNEI5NTEzQjUxRTQPHGFwb0BkZWJp
YW4ub3JnAAoJENmtFLlRO1HkyToQALW6AxLzHgJeIDXezLsiLy1qacENfNbT6tk/
wUqL77GLDjE4kZCsgZIb6LVFRUI+y5Idbou6XdV2DiOOUCbLLy8YU3X9lB6e1aer
QUEOaGmc0tPnAK1vAAH2GjJhPn7iDFrYuTslRuiaQ5WG5jM26AiZrhbiv7TfGTqS
yIYJRz7do9WCBnlzyW7cB1rcqeIQXc9QQH51n7jEptV2HWNLwflck98hFyKTVUDd
kk3H1hGIWu8SEpcnEtHr0wSXHgFTKq3faM8RPWyfN1BtsegBWrKVYdyhHUj62yBr
RULho/iY4SmrzTCAFZpShIbJHOO2fqnpDCjO11TVzd98bqHHMRApKnmDF9/0k+dK
mBC5znfpdk1QBsbazJdPE/jwA3a/6FsfVGmpr5bKgPgn3n/FZjcPwel/J4vfv15C
l0EpMBrgiE1ZxnYtPcTZvL2j61YcTZWMLGjs/7r7UMNpcObdw+OgKb/VuskOm7Nl
SzL7G1L6QbY0Xb2fzk4NfWjS6ejivLKVnk/3MvSU87D7vAXelrk5IjzhSVAdtunh
K14l7xyCOx7yIJ3aU0WNVDLozePychXyVLIc3jgfzvAmvil9clqmptSrx0hRawj9
UNdtJaGbjIZpwRbjF+FcCKZkrGFReRc2GDDDLWN3xljL41NShSgNAXtdqDQfk9F9
fhne9oIw
=mN3A
-----END PGP SIGNATURE-----

Reply to:

Prev by Date: Accepted tomcat7 7.0.28-4+deb7u16 (source all) into oldoldstable
Next by Date: Accepted openssl 1.0.1t-1+deb7u3 (source all amd64) into oldoldstable
Previous by thread: Accepted tomcat7 7.0.28-4+deb7u16 (source all) into oldoldstable
Next by thread: Accepted openssl 1.0.1t-1+deb7u3 (source all amd64) into oldoldstable
Index(es):
- Date
- Thread