From:
[email protected]
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
- ------------------------------------------------------------------------- Debian Security Advisory DSA-4283-1
[email protected] https://www.debian.org/security/ Moritz Muehlenhoff August 31, 2018
https://www.debian.org/security/faq
- -------------------------------------------------------------------------
Package : ruby-json-jwt
CVE ID : CVE-2018-1000539
It was discovered that ruby-json-jwt, a Ruby implementation of JSON web
tokens performed insufficient validation of GCM auth tags.
For the stable distribution (stretch), this problem has been fixed in
version 1.6.2-1+deb9u1.
We recommend that you upgrade your ruby-json-jwt packages.
For the detailed security status of ruby-json-jwt please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/ruby-json-jwt
Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at:
https://www.debian.org/security/
Mailing list:
[email protected]
-----BEGIN PGP SIGNATURE-----
iQIzBAEBCgAdFiEEtuYvPRKsOElcDakFEMKTtsN8TjYFAluJuAsACgkQEMKTtsN8 TjY2vw/9GBrt/9S0UrG4r8RgZq+TquStkLp+vc4SFTn7Ahbky9wIqaO+AJ+MnK5M MtVQDSpL/OP16S6AAJW3s9Wkb58s0HKa2gc7XQ41y6w7Lkg0yO5wvWRTzPWzIdit cAf9J0uviWqCfDNxDkxrgoe8vKAhkFhRWm6kUKnsUwS51NN6DOVLjhn9pDYcI9cd vmYyRdTHJZIIFBUvu9KFRa9BqAupu7G7C1E2NoGyWyv1DjFsHcSdvF0l9+b9BDxp B+liySB8pHVuVTFp0YciRSGXm1suXdNLUWl4mf/Ie2IVyuI+OTgBrUUAMngrU8TZ WY/Hi3X53mepm5oaUl8rgJgwRnyE1aqy49kGM7mQWe+b0Bp0YlvEMmO1Z2BD5mMF kg+ZRYxsca4s3SzI/yUiNxMR0PYtB+486sAO6g305BhmmDb13JxnlPFe/8W/umFn wIYhW5fRJk6ChkfoZMktpBttkLf7uIB8fSgAWnSfAHPZBeCltbQEXqpIZ9NU1l+U gy8LuTcWKsdQeQGqkYZ2ygeUshTAny++59EDFZHgTNRjYanCcFBdxgsW8EpFO8m3 CMPezkUb5Schaq7Wq5qWdf8J+rNXHZ0Os+v+frzXnK1UbA6PBD+3awz/xSBg3qei igmyiJT1oOSFThGzcA02Ktd/ka27ujivYguMH+yVE/DYGiQfZrs=
=DZhD
-----END PGP SIGNATURE-----
--- SoupGate-Win32 v1.05
* Origin: you cannot sedate... all the things you hate (1:229/2)