-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Package : ruby-excon Version : 0.33.0-2+deb8u1 CVE ID : CVE-2019-16779 Debian Bug : 946904
In RubyGem excon before 0.71.0, there was a race condition around persistent connections, where a connection which is interrupted (such as by a timeout) would leave data on the socket. Subsequent requests would then read this data, returning content from the previous response. For Debian 8 "Jessie", this problem has been fixed in version 0.33.0-2+deb8u1. We recommend that you upgrade your ruby-excon packages. Further information about Debian LTS security advisories, how to apply these updates to your system and frequently asked questions can be found at: https://wiki.debian.org/LTS -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEE7xPqJqaY/zX9fJAuhj1N8u2cKO8FAl4kUJkACgkQhj1N8u2c KO/URw//fKbiyQsnrYihOa/DSCRF3D2HG/kj+yvQahIscUaepbWJgW43ogHBn4Hn R1ic2e81Wmq7LVZVjg9+yoeugkqaWaoe/oFIGXJw2LRmT5luiUyCz+dcqqC2VtSk BwyS4Uka+s5HHz/1SHWpI8joo/8mVS70QTYqVIx67WOlGhNAuCMaYO5+APunr09v xt+2qM/KHeqXoRelLhWRBd4N22q6w3spY/HEKGh7AFChj5JQ8p00rUS9+XLZKQxg ptpHCqa8I9cESJtWInEY+QU6egEXUJJBrsPyV1jN8rcaHXw8BQSahK8ObJFkNBSM HhcTa+DltwLdKOXZDL4crTJSkTjjm/WxW8gtB9zlk2l9sXLl8ofuBXaNanr9Qslr dA+OQYUxFmlsNq1go74cCdu9m1oHktlxpxs0We+lNwrYCbGidP2X+XtP3Z94n2aD Z2JhzEjwP+5vy5GITDLXu2xM7WKzSZSQIJmJppQdl9pxayEHmjRgZ54pwy0Nmm/4 Qs/Pa+BFXTfi7JT/cfO0Lp8EcD1FjCcEi+0XUep/YvOO7B9Vhc1/JJXbO/IImAoL RZwNO0vfcrRedjSNN7j8AQ35jhOFnmIC2zuKOLKQawsJzncFOcWr05n9DcMhiIP0 ndjSCBezmXNpK1kEOeUdZc+q1xbOcEOx2yGH0KhcOV1FXYk6Udo= =03Pu -----END PGP SIGNATURE-----
