[ubuntu/jammy-updates] ruby3.0 3.0.2-7ubuntu2.8 (Accepted)

Tue Nov 5 05:32:23 UTC 2024

ruby3.0 (3.0.2-7ubuntu2.8) jammy-security; urgency=medium

  * SECURITY UPDATE: denial or service in REXML
    - debian/patches/CVE-2024-35176_39908_41123.patch: Read quoted
      attributes in chunks
    - debian/patches/CVE-2024-41946.patch: Add support for XML entity
      expansion limitation in SAX and pull parsers
    - debian/patches/CVE-2024-49761.patch: fix a bug that &#0x...; is
      accepted as a character reference
    - CVE-2024-35176
    - CVE-2024-39908
    - CVE-2024-41123
    - CVE-2024-41946
    - CVE-2024-49761

Date: 2024-10-31 09:00:20.230975+00:00
Changed-By: Nishit Majithia <nishit.majithia at canonical.com>
Signed-By: Ubuntu Archive Robot <ubuntu-archive-robot at lists.canonical.com>
https://launchpad.net/ubuntu/+source/ruby3.0/3.0.2-7ubuntu2.8
-------------- next part --------------
Sorry, changesfile not available.