[ubuntu/bionic-security] ruby-rack 1.6.4-4ubuntu0.2 (Accepted)
Eduardo Barretto
eduardo.barretto at canonical.com
Wed Sep 30 18:39:34 UTC 2020
ruby-rack (1.6.4-4ubuntu0.2) bionic-security; urgency=medium
* Merge patches from Debian.
* SECURITY UPDATE: Directory traversal vulnerability.
- debian/patches/CVE-2020-8161.patch: Use Dir.entries instead of
Dir[glob] to prevent user-specified glob metacharacters.
- CVE-2020-8161
* SECURITY UPDATE: Cookie forgery.
- debian/patches/CVE-2020-8184.patch: When parsing cookies, only
decode the values.
- CVE-2020-8184
Date: 2020-09-30 18:09:16.343343+00:00
Changed-By: Eduardo Barretto <eduardo.barretto at canonical.com>
https://launchpad.net/ubuntu/+source/ruby-rack/1.6.4-4ubuntu0.2
-------------- next part --------------
Sorry, changesfile not available.
More information about the Bionic-changes
mailing list