-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 - ----------------------------------------------------------------------- Debian LTS Advisory DLA-2390-1 [email protected] https://www.debian.org/lts/security/ Utkarsh Gupta October 01, 2020 https://wiki.debian.org/LTS - -----------------------------------------------------------------------
Package : ruby-json-jwt Version : 1.6.2-1+deb9u2 CVE ID : CVE-2019-18848 Debian Bug : 944850 The json-jwt gem before 1.11.0 for Ruby lacks an element count during the splitting of a JWE string. Therefore, there was a need to explicitly specify the number of elements when splitting a JWE string. For Debian 9 stretch, this problem has been fixed in version 1.6.2-1+deb9u2. We recommend that you upgrade your ruby-json-jwt packages. For the detailed security status of ruby-json-jwt please refer to its security tracker page at: https://security-tracker.debian.org/tracker/ruby-json-jwt Further information about Debian LTS security advisories, how to apply these updates to your system and frequently asked questions can be found at: https://wiki.debian.org/LTS -----BEGIN PGP SIGNATURE----- iQIzBAEBCAAdFiEEbJ0QSEqa5Mw4X3xxgj6WdgbDS5YFAl91yf4ACgkQgj6WdgbD S5Ymtw/+NHe8cTWW6PxYO3tJDPdhS/Ocj9hc/1Gj6Dam9TewJxSnCYY+Fzk0xcA6 394Jz0r7rw83UXOYfSN3t2gxpXh79NfMSFhDNfWq/+IvdjQRlF3z8S2UY1xuaA2o cynqRHSjUU3JZ7alZ95/8jjTylcmE6JIucyfazF5aOvj2Wdp/PyMGgyDB8HqYCdJ eiaprM4djs5xpkVjo9HDHkM0D1WjZbjFdUH7J65a5Sm8YpbtAmZ2qHZv4fdOqwq+ /NpZJfJxv5LQhY2gKM7mEiw7hkxuKtjle+1prEYqIITzh6R7P++XYTknQ/E5vXIv DROg/y9dxxSfMYofSMX3VYcB1PjXh0EQRoLvb2Yf8Fwkw+pvPDmYHw8zgiIWEdAQ VyaVZPgbQ4kbcDTBYBz7kilTFD/DoSI/VDifekAY2yscM/C29Shcf3YT+uWuET2L roTKG8xLl+o7rAO37HFeGKdqn7oxZAgDHkoiSuTu+eps+nNt1Lj31EtkykepHa0w jJ03L+YIXC3aJIOJ5Eo0d+xs0yVece97tCfqLOwd5xHlnlmAn29AOvYEsIStNZGz 7UZOTIDHPGVujTFkxPT/TWpfLciiPBkI7uhJ29xHoB7KLC7d86Hf32Y2SmR1wcFy UKbFmsEMQG69TcQ5fpEj53FABtQp7P5y4SyBplFNNEvyNa043nE= =iVkH -----END PGP SIGNATURE-----
