apticron report [Sat, 11 Nov 2017 22:38:06 +0100]
========================================================================
apticron has detected that some packages need upgrading on:
quigon.federez.net
[ 160.228.155.65 ]
The following packages are currently pending an upgrade:
libruby2.3 2.3.3-1+deb9u2
ruby2.3 2.3.3-1+deb9u2
========================================================================
Package Details:
apt-listchanges : Lecture des fichiers de modifications (« changelog »)...
apt-listchanges : journaux des modifications (« changelogs »)
-------------------------------------------------------------
--- Modifications pour ruby2.3 (libruby2.3 ruby2.3) ---
ruby2.3 (2.3.3-1+deb9u2) stretch-security; urgency=high
  * asn1: fix out-of-bounds read in decoding constructed objects
    [CVE-2017-14033] (Closes: #875928)
    Original patch by Kazuki Yamaguchi; backported from the standalone openssl package
  * lib/webrick/log.rb: sanitize any type of logs
    [CVE-2017-10784] (Closes: #875931)
    Original patch by Yusuke Endoh; backported to Ruby 2.3 by Usaku NAKAMURA
  * fix Buffer underrun vulnerability in Kernel.sprintf
    [CVE-2017-0898] (Closes: #875936)
    Backported to Ruby 2.3 by Usaku NAKAMURA
  * Whitelist classes and symbols that are in Gem spec YAML
    [CVE-2017-0903] (Closes: #879231)
    Original patch by Aaron Patterson; backported from the standalone Rubygems
    package
  * thread_pthread.c: do not wakeup inside child processes
    Avoid child Ruby processes being stuck in a busy loop (Closes: #876377)
    Original patch by Eric Wong
 -- Antonio Terceiro <terceiro(a)debian.org> Sun, 22 Oct 2017 12:45:48 -0200
========================================================================
You can perform the upgrade by issuing the command:
apt-get dist-upgrade
as root on
quigon.federez.net
--
apticron