[ubuntu/focal-security] ruby2.7 2.7.0-5ubuntu1.13 (Accepted)
Marc Deslauriers
marc.deslauriers at canonical.com
Mon Jun 17 13:14:35 UTC 2024
ruby2.7 (2.7.0-5ubuntu1.13) focal-security; urgency=medium
* SECURITY UPDATE: code execution in RDoc
- debian/patches/CVE-2024-27281-pre1.patch: add Psych.safe_load_file to
ext/psych/lib/psych.rb, test/psych/test_exception.rb,
test/psych/test_psych.rb.
- debian/patches/CVE-2024-27281-1.patch: filter marshalled objects in
lib/rdoc/store.rb.
- debian/patches/CVE-2024-27281-2.patch: use safe_load and
safe_load_file for .rdoc_options in lib/rdoc/rdoc.rb,
test/rdoc/test_rdoc_options.rb.
- debian/patches/CVE-2024-27281-3.patch: fix NoMethodError for
start_with in lib/rdoc/store.rb.
- CVE-2024-27281
* SECURITY UPDATE: heap data extraction via regex
- debian/patches/CVE-2024-27282.patch: fix Use-After-Free issue for
Regexp in regexec.c.
- CVE-2024-27282
* debian/patches/update_test_certs.patch: update test certs in
test/net/fixtures/* to fix FTBFS.
Date: 2024-06-14 14:25:10.427318+00:00
Changed-By: Marc Deslauriers <marc.deslauriers at canonical.com>
https://launchpad.net/ubuntu/+source/ruby2.7/2.7.0-5ubuntu1.13
-------------- next part --------------
Sorry, changesfile not available.
More information about the Focal-changes
mailing list