[ubuntu/jammy-proposed] ruby3.0 3.0.2-7ubuntu2 (Accepted)

Leonidas Da Silva Barbosa leo.barbosa at canonical.com
Thu Mar 17 17:38:13 UTC 2022


ruby3.0 (3.0.2-7ubuntu2) jammy; urgency=medium

  * SECURITY UPDATE: Buffer overrun
    - debian/patches/CVE-2021-41816.patch: fix integer overflow making
      sure use of the check in rb_alloc_tmp_buffer2 in
      ext/cgi/escape/escape.c.
    - CVE-2021-41816
  * SECURITY UPDATE: ReDoS vulnerability
    - debian/patches/CVE-2021-41817-*.patch: add length limit option
      for methods that parse date strings and mimic prev behaviour
      in ext/date/date_core.c, test/date/test_date_parse.rb.
    - CVE-2021-41817
  * SECURITY UPDATE: Mishandles sec prefixes in cookie names
    - debian/patches/CVE-2021-41819.patch: when parsing cookies, only
      decode the values in lib/cgi/cookie.rb, test/cgi/test_cgi_cookie.rb.
    - CVE-2021-41819

Date: Thu, 17 Mar 2022 13:09:20 -0300
Changed-By: Leonidas Da Silva Barbosa <leo.barbosa at canonical.com>
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
Signed-By: Marc Deslauriers <marc.deslauriers at canonical.com>
https://launchpad.net/ubuntu/+source/ruby3.0/3.0.2-7ubuntu2
-------------- next part --------------
Format: 1.8
Date: Thu, 17 Mar 2022 13:09:20 -0300
Source: ruby3.0
Built-For-Profiles: noudeb
Architecture: source
Version: 3.0.2-7ubuntu2
Distribution: jammy
Urgency: medium
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
Changed-By: Leonidas Da Silva Barbosa <leo.barbosa at canonical.com>
Changes:
 ruby3.0 (3.0.2-7ubuntu2) jammy; urgency=medium
 .
   * SECURITY UPDATE: Buffer overrun
     - debian/patches/CVE-2021-41816.patch: fix integer overflow making
       sure use of the check in rb_alloc_tmp_buffer2 in
       ext/cgi/escape/escape.c.
     - CVE-2021-41816
   * SECURITY UPDATE: ReDoS vulnerability
     - debian/patches/CVE-2021-41817-*.patch: add length limit option
       for methods that parse date strings and mimic prev behaviour
       in ext/date/date_core.c, test/date/test_date_parse.rb.
     - CVE-2021-41817
   * SECURITY UPDATE: Mishandles sec prefixes in cookie names
     - debian/patches/CVE-2021-41819.patch: when parsing cookies, only
       decode the values in lib/cgi/cookie.rb, test/cgi/test_cgi_cookie.rb.
     - CVE-2021-41819
Checksums-Sha1:
 59599365db08aa8cfbedf7001473c8da893ea2ec 2584 ruby3.0_3.0.2-7ubuntu2.dsc
 c02b6cb8378ae2dc5a658f391b6e173acf712b1a 220724 ruby3.0_3.0.2-7ubuntu2.debian.tar.xz
 89e4136c51022d324a69f1830cfd206d78cf04f7 7399 ruby3.0_3.0.2-7ubuntu2_source.buildinfo
Checksums-Sha256:
 66967f66806019975d3b3a2d2bb159ee9d803e1777456712de53327345eea61e 2584 ruby3.0_3.0.2-7ubuntu2.dsc
 afb14a056e84ce7e03722df2e9994cf34ef96b666ada091d1a1e44cd9a23837c 220724 ruby3.0_3.0.2-7ubuntu2.debian.tar.xz
 f5c28e1235c88eba92d8d3fadd81033e6fbf6be14e89dc33fdfde65cbbc9523e 7399 ruby3.0_3.0.2-7ubuntu2_source.buildinfo
Files:
 11c03ca34f63198054bee21bb8552859 2584 ruby optional ruby3.0_3.0.2-7ubuntu2.dsc
 48a9ff5705f00338cc9e309c5e973fae 220724 ruby optional ruby3.0_3.0.2-7ubuntu2.debian.tar.xz
 16c6baf2348fb9450422ada614160b18 7399 ruby optional ruby3.0_3.0.2-7ubuntu2_source.buildinfo
Original-Maintainer: Debian Ruby Team <pkg-ruby-extras-maintainers at lists.alioth.debian.org>

