[ubuntu/artful-security] ruby2.3 2.3.3-1ubuntu1.2 (Accepted)

Leonidas S. Barbosa leo.barbosa at canonical.com
Wed Jan 10 14:29:11 UTC 2018

ruby2.3 (2.3.3-1ubuntu1.2) artful-security; urgency=medium

  * SECURITY UPDATE: possible command injection attacks through
    - debian/patches/CVE-2017-17790.patch: fix uses of Kernel#open in
    - CVE-2017-17790
  * SECURITY UPDATE: possibly execute arbitrary commands via a crafted user name
    - debian/patches/CVE-2017-10784.patch: sanitize any type of logs in
      lib/webrick/httpstatus.rb, lib/webrick/log.rb and test/webrick/test_httpauth.rb.
    - CVE-2017-10784
  * SECURITY UPDATE: denial of service via a crafted string
    - debian/patches/CVE-2017-14033.patch: fix in ext/openssl/ossl_asn1.c.
    - CVE-2017-14033
  * SECURITY UPDATE: Arbitrary memory expose during a JSON.generate call
    - debian/patches/CVE-2017-14064.patch: fix this in
      ext/json/ext/generator/generator.c and ext/json/ext/generator/generator.h.

Date: 2018-01-09 19:13:15.325990+00:00
Changed-By: leo.barbosa at canonical.com (Leonidas S. Barbosa)
-------------- next part --------------
Sorry, changesfile not available.

More information about the Artful-changes mailing list