[ubuntu/bionic-updates] ruby2.5 2.5.1-1ubuntu1.11 (Accepted)
Ubuntu Archive Robot
ubuntu-archive-robot at lists.canonical.com
Tue Jan 18 17:58:20 UTC 2022
ruby2.5 (2.5.1-1ubuntu1.11) bionic-security; urgency=medium
* SECURITY UPDATE: ReDoS vulnerability
- debian/patches/CVE-2021-41817-*.patch: add length limit option
for methods that parses date strings and mimic prev behaviour
in ext/date/date_core.c, test/date/test_date_parse.rb.
- CVE-2021-41817
* SECURITY UPDATE: Mishandles sec prefixes in cookie names
- debian/patches/CVE-2021-41819.patch: when parsing cookies, only
decode the values in lib/cgi/cookie.rb, test/cgi/test_cgi_cookie.rb.
- CVE-2021-41819
Date: 2022-01-06 16:22:10.491905+00:00
Changed-By: leo.barbosa at canonical.com (Leonidas S. Barbosa)
Signed-By: Ubuntu Archive Robot <ubuntu-archive-robot at lists.canonical.com>
https://launchpad.net/ubuntu/+source/ruby2.5/2.5.1-1ubuntu1.11
-------------- next part --------------
Sorry, changesfile not available.
More information about the Bionic-changes
mailing list