[ubuntu/focal-updates] ruby2.7 2.7.0-5ubuntu1.6 (Accepted)

Ubuntu Archive Robot ubuntu-archive-robot at lists.canonical.com
Tue Jan 18 17:58:20 UTC 2022

ruby2.7 (2.7.0-5ubuntu1.6) focal-security; urgency=medium

  * SECURITY UPDATE: Buffer overrun
    - debian/patches/CVE-2021-41816.patch: fix integer overflow making
      sure use of the check in rb_alloc_tmp_buffer2 in
    - CVE-2021-41816
  * SECURITY UPDATE: ReDoS vulnerability
    - debian/patches/CVE-2021-41817-*.patch: add length limit option
      for methods that parses date strings and mimic prev behaviour
      in  ext/date/date_core.c, test/date/test_date_parse.rb.
    - CVE-2021-41817
  * SECURITY UPDATE: Mishandles sec prefixes in cookie names
    - debian/patches/CVE-2021-41819.patch: when parsing cookies, only
      decode the values in lib/cgi/cookie.rb, test/cgi/test_cgi_cookie.rb.
    - CVE-2021-41819

Date: 2022-01-06 14:45:10.409446+00:00
Changed-By: leo.barbosa at canonical.com (Leonidas S. Barbosa)
Signed-By: Ubuntu Archive Robot <ubuntu-archive-robot at lists.canonical.com>
-------------- next part --------------
Sorry, changesfile not available.

More information about the Focal-changes mailing list