[ubuntu/hirsute-updates] ruby2.7 2.7.2-4ubuntu1.2 (Accepted)

Ubuntu Archive Robot ubuntu-archive-robot at lists.canonical.com
Wed Jul 21 15:28:39 UTC 2021


ruby2.7 (2.7.2-4ubuntu1.2) hirsute-security; urgency=medium

  * SECURITY UPDATE: Command injection vulnerability in RDoc
    - debian/patches/CVE-2021-31799.patch: fix replace open for File.open
      in lib/rdoc/rdoc.rb, test/rdoc/test_rdoc_rdoc.rb.
    - CVE-2021-31799
  * SECURITY UPDATE: Information leak
    - debian/patches/CVE-2021-31810.patch: ignore IP address in PASV
      responses by default and add new option use_pasv_ip in lib/net/ftp.rb,
      test/net/ftp/test_ftp.rb.
    - CVE-2021-31810
  * SECURITY UPDATE: Stripping vulnerability
    - debian/patches/CVE-2021-32066.patch: fix raising an exception
      when a unknow response error happens in
      lib/net/imap.rb, test/net/imap/test_imap.rb.
    - CVE-2021-32066

Date: 2021-07-16 12:44:34.269753+00:00
Changed-By: leo.barbosa at canonical.com (Leonidas S. Barbosa)
Signed-By: Ubuntu Archive Robot <ubuntu-archive-robot at lists.canonical.com>
https://launchpad.net/ubuntu/+source/ruby2.7/2.7.2-4ubuntu1.2
-------------- next part --------------
Sorry, changesfile not available.


More information about the Hirsute-changes mailing list