[ubuntu/focal-security] ruby2.7 2.7.0-5ubuntu1.9 (Accepted)

Leonidas S. Barbosa leo.barbosa at canonical.com
Thu May 4 08:15:02 UTC 2023


ruby2.7 (2.7.0-5ubuntu1.9) focal-security; urgency=medium

  * SECURITY UPDATE: ReDoS
    - debian/patches/CVE-2023-28755-*.patch: URI.parse should set empty
      string in host instead of nil in lib/uri/rfc3986_parser.rb, raise
      ArgumentError with empty host url again in
      lib/net/http/generic_request.rb.
    - CVE-2023-28755
  * SECURITY UPDATE: ReDoS
    - debian/patches/CVE-2023-28756-*.patch: fix quadratic backtracking on
      invalid time and make RFC2822 regexp linear in lib/time.rb.
    - CVE-2023-28756
  * debian/patches/fix_test_generic.patch: fix test generic.

Date: 2023-05-02 09:21:12.759385+00:00
Changed-By: leo.barbosa at canonical.com (Leonidas S. Barbosa)
https://launchpad.net/ubuntu/+source/ruby2.7/2.7.0-5ubuntu1.9