[ubuntu/bionic-updates] ruby-rack 1.6.4-4ubuntu0.2 (Accepted)

Ubuntu Archive Robot cjwatson+ubuntu-archive-robot at chiark.greenend.org.uk
Wed Sep 30 18:58:08 UTC 2020

ruby-rack (1.6.4-4ubuntu0.2) bionic-security; urgency=medium

  * Merge patches from Debian.
  * SECURITY UPDATE: Directory traversal vulnerability.
    - debian/patches/CVE-2020-8161.patch: Use Dir.entries instead of
      Dir[glob] to prevent user-specified glob metacharacters.
    - CVE-2020-8161
  * SECURITY UPDATE: Cookie forgery.
    - debian/patches/CVE-2020-8184.patch: When parsing cookies, only
      decode the values.
    - CVE-2020-8184

Date: 2020-09-30 18:09:16.343343+00:00
Changed-By: Eduardo Barretto <eduardo.barretto at canonical.com>
Signed-By: Ubuntu Archive Robot <cjwatson+ubuntu-archive-robot at chiark.greenend.org.uk>
-------------- next part --------------
Sorry, changesfile not available.

More information about the Bionic-changes mailing list