[ubuntu/focal-updates] ruby-rack 2.0.7-2ubuntu0.1 (Accepted)

[Ubuntu Archive Robot]

ruby-rack (2.0.7-2ubuntu0.1) focal-security; urgency=medium

  * SECURITY UPDATE: Directory traversal vulnerability.
    - debian/patches/CVE-2020-8161.patch: Use Dir.entries instead of
      Dir[glob] to prevent user-specified glob metacharacters.
    - CVE-2020-8161
  * SECURITY UPDATE: Cookie forgery.
    - debian/patches/CVE-2020-8184.patch: When parsing cookies, only
      decode the values.
    - CVE-2020-8184

Date: 2021-04-06 09:36:30.283933+00:00
Changed-By: Eduardo Barretto <eduardo.barretto at canonical.com>
Signed-By: Ubuntu Archive Robot <ubuntu-archive-robot at lists.canonical.com>
https://launchpad.net/ubuntu/+source/ruby-rack/2.0.7-2ubuntu0.1
-------------- next part --------------
Sorry, changesfile not available.