[ubuntu/artful-updates] ruby2.3 2.3.3-1ubuntu1.3 (Accepted)

Ubuntu Archive Robot cjwatson+ubuntu-archive-robot at chiark.greenend.org.uk
Wed Jan 31 16:01:33 UTC 2018

ruby2.3 (2.3.3-1ubuntu1.3) artful-security; urgency=medium

  * SECURITY UPDATE: fails to validate specification names
    - debian/patches/CVE-2017-0901-0902.patch: fix this.
    - CVE-2017-0901
  * SECURITY UPDATE: vulnerable to a DNS hijacking
    - debian/patches/CVE-2017-0901-0902.patch: fix this.
    - CVE-2017-0902
  * SECURITY UPDATE: possible remote code execution
    - debian/patches/CVE-2017-0903.patch: whitelist classes
      and symbols that are in Gem spec YAML in lib/rubygems.rb,
      lib/rubygems/config_file.rb, lib/rubygems/package.rb,
      lib/rubygems/package/old.rb, lib/rubygems/safe_yaml.rb,
    - CVE-2017-0903

Date: 2018-01-30 18:22:22.995910+00:00
Changed-By: leo.barbosa at canonical.com (Leonidas S. Barbosa)
Signed-By: Ubuntu Archive Robot <cjwatson+ubuntu-archive-robot at chiark.greenend.org.uk>