[ubuntu/artful-security] ruby2.3 2.3.3-1ubuntu1.4 (Accepted)

[Leonidas S. Barbosa]

ruby2.3 (2.3.3-1ubuntu1.4) artful-security; urgency=medium

  * SECURITY UPDATE: Directory traversal
    - debian/patches/CVE-2018-1000073.patch: fix in
      lib/rubygems/package.rb.
    - CVE-2018-1000073
  * SECURITY UPDATE: Deserialization untrusted data
    - debian/patches/CVE-2018-1000074.patch fix in
      lib/rubygems/commands/owner_command.rb,
      test/rubygems/test_gem_commands_owner_command.rb.
    - CVE-2018-1000074
  * SECURITY UPDATE: Infinite loop
    - debian/patches/CVE-2018-1000075.patch: fix in
      lib/rubygems/package/tar_header.rb,
      test/rubygems/test_gem_package_tar_header.rb.
    - CVE-2018-1000075
  * SECURITY UPDATE: Improper verification of crypto
    signature
    - debian/patches/CVE-2018-1000076.patch: fix in
      lib/rubygems/package.rb, lib/rubygems/pacage/tar_writer.rb,
      test/rubygems/test_gem_pacakge.rg
    - CVE-2018-1000076
  * SECURITY UPDATE: Validation vulnerability
    - debian/patches/CVE-2018-1000077.patch: fix in
      lib/rubygems/specification.rb,
      test/rubygems/test_gem_specification.rb.
    - CVE-2018-1000077
  * SECURITY UPDATE: Cross site scripting
    - debian/patches/CVE-2018-1000078.patch: fix in
      lib/rubygems/server.rb.
    - CVE-2018-1000078
  * SECURITY UPDATE: Directory traversal
    - debian/patches/CVE-2018-1000079.patch: fix in
      lib/rubygems/package.rb.
    - CVE-2018-1000079

Date: 2018-04-04 17:34:14.533730+00:00
Changed-By: leo.barbosa at canonical.com (Leonidas S. Barbosa)
https://launchpad.net/ubuntu/+source/ruby2.3/2.3.3-1ubuntu1.4
-------------- next part --------------
Sorry, changesfile not available.