[ubuntu/bionic-security] ruby2.5 2.5.1-1ubuntu1.14 (Accepted)
Leonidas S. Barbosa
leo.barbosa at canonical.com
Thu May 4 08:15:01 UTC 2023
ruby2.5 (2.5.1-1ubuntu1.14) bionic-security; urgency=medium
* SECURITY UPDATE: ReDoS
- debian/patches/CVE-2023-28755-*.patch: URI.parse should set empty
string in host instead of nil in lib/uri/rfc3986_parser.rb.
- debian/patches/tz_fix.patch: fix timezone test for Lisbon in
test/ruby/test_time_tz.rb.
- debian/patches/certs_up_fix.patch: update certificate file to
make test pass in test/rubygems/ca_cert.pem, test/rubygems/client.pem,
test/rubygems/ssl_cert.pem, test/rubygems/ss_key.pem,
test/rubygems/test_gem_security_policy.rb.
- CVE-2023-28755
* SECURITY UPDATE: ReDos
- debian/patches/CVE-2023-28756-*.patch: fix quadratic backtracking on
invalid time and make RFC2822 regexp linear in lib/time.rb.
- CVE-2023-28756
Date: 2023-04-12 12:09:10.429230+00:00
Changed-By: leo.barbosa at canonical.com (Leonidas S. Barbosa)
https://launchpad.net/ubuntu/+source/ruby2.5/2.5.1-1ubuntu1.14
-------------- next part --------------
Sorry, changesfile not available.
More information about the Bionic-changes
mailing list