From: Raspbian automatic forward porter <root@raspbian.org>
Date: Tue, 17 Dec 2019 16:14:47 +0000 (+0000)
Subject: Merge version 2.3.3-1+deb9u6+rpi1 and 2.3.3-1+deb9u7 to produce 2.3.3-1+deb9u7+rpi1
X-Git-Tag: archive/raspbian/2.3.3-1+deb9u7+rpi1^0
X-Git-Url: https://dgit.raspbian.org/?a=commitdiff_plain;h=7b9edba74d3eaec2805aeb706786dfe8f7031801;p=ruby2.3.git

Merge version 2.3.3-1+deb9u6+rpi1 and 2.3.3-1+deb9u7 to produce 2.3.3-1+deb9u7+rpi1
---

7b9edba74d3eaec2805aeb706786dfe8f7031801
diff --cc debian/changelog
index df33648,4e06826..c703d42
--- a/debian/changelog
+++ b/debian/changelog
@@@ -1,9 -1,13 +1,20 @@@
- ruby2.3 (2.3.3-1+deb9u6+rpi1) stretch-staging; urgency=medium
++ruby2.3 (2.3.3-1+deb9u7+rpi1) stretch-staging; urgency=medium
 +
 +  [changes brought forward from 2.3.3-1+deb9u1+rpi1 by Peter Michael Green <plugwash@raspbian.org> at Sat, 21 Oct 2017 22:40:37 +0000]
 +  * Disable testsuite.
 +
-  -- Raspbian forward porter <root@raspbian.org>  Thu, 18 Apr 2019 11:04:43 +0000
++ -- Raspbian forward porter <root@raspbian.org>  Tue, 17 Dec 2019 16:14:46 +0000
++
+ ruby2.3 (2.3.3-1+deb9u7) stretch-security; urgency=high
+ 
+   * Non-maintainer upload by the Security Team.
+   * Fix for wrong fnmatch patttern (CVE-2019-15845)
+   * Loop with String#scan without creating substring (CVE-2019-16201)
+   * WEBrick: prevent response splitting and header injection (CVE-2019-16254)
+   * lib/shell/command-processor.rb (Shell#[]): prevent unknown command
+     (CVE-2019-16255)
+ 
+  -- Salvatore Bonaccorso <carnil@debian.org>  Sun, 15 Dec 2019 17:28:25 +0100
  
  ruby2.3 (2.3.3-1+deb9u6) stretch-security; urgency=medium