-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Package : rake Version : 10.3.2-2+deb8u1 CVE ID : CVE-2020-8130
There is an OS command injection vulnerability in Rake (a ruby make-like utility) < 12.3.3 in Rake::FileList when supplying a filename that begins with the pipe character `|`. For Debian 8 "Jessie", this problem has been fixed in version 10.3.2-2+deb8u1. We recommend that you upgrade your rake packages. Further information about Debian LTS security advisories, how to apply these updates to your system and frequently asked questions can be found at: https://wiki.debian.org/LTS -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEEmjwHvQbeL0FugTpdYS7xYT4FD1QFAl5W4/kACgkQYS7xYT4F D1QWFg/+IjNoa8DUSKUPlUtaoCoVFGv8j2Hfo7ranLAbG3jV9WpMLZw7y4KPHt4v QDDO5uXIzM5QmpkTuJPEl5v/k5FeoVOmzVF4J6fGO9HWNCYwZhu8g63OAv9HX3KD 4KZBbPITTPPAaDIDXut+UMfAtTD9TErGB/4Cc22QrdycE1BmlYawxOYoZ5FgwP/E PJ/B0XilolaMO4q5Ith5VAYniRkN0DTnsm+VnTdBwDujlBkevfz90pbqVz4wwfNY xpWPMy2Ki+rwYXRMEYe3BjWNG/4GeSSbDpzyYW3M3souhdJodzvCsg/N1Xo9Ziv6 Ds++DFxy5MtR7X/qluXYhlifhjHeocxAdeMAUlV7M9ssweVWWXUVJEaYNHdgLPxo 6bQsMdZGMMZiEr3byjMnYw9uSOEN0kQ9kRVc9Y1KxNHiZZ4rCA5rpGep889bBbQ9 R2ATzUH266YZYx87/PjHvnO/MAvJ/Uk/xjiunCKhV+Qml1Gh+IFQSk0/Nm9dUZhr hjaAG8xCWuS4IZopD0/qqs6rDsp7dzdEDdP5NjZqdKY7wrWz86E6tMI54K1P+adu gjfdDPdOkdWoBm9me7t259eAy2NtZdj+9vhVwonFHjt5GWGFFKzmz+oN31IbUpJ/ 5UHoizfLW5E4E/TZ4Zeufwezj0NcwQ5TnOPxN/dd3Ph0/zG0eI4= =Mtrw -----END PGP SIGNATURE-----
