[ubuntu/kinetic-security] ruby3.0 3.0.4-7ubuntu0.2 (Accepted)
Leonidas S. Barbosa
leo.barbosa at canonical.com
Wed Jul 12 15:24:19 UTC 2023
ruby3.0 (3.0.4-7ubuntu0.2) kinetic-security; urgency=medium
* SECURITY UPDATE: ReDoS
- debian/patches/CVE-2023-28755.patch: adds '+' once or more in specific
places of the RFC3986 regex in order to avoid the increase in execution
time for parsing strings to URI objects in lib/uri/rfc3986_parser.rb.
- debian/patches/CVE-2023-28755-fix-test-uri-empty-host-again.patch:
fix test uri in lib/net/http/generic_request.rb.
- CVE-2023-28755
* SECURITY UPDATE: ReDoS
- debian/patches/CVE-2023-36617.patch: changes regex behaviour
in lib/url/rfc2396_parser.rb, lib/uri/rfc3986_parser.rb.
- CVE-2023-36617
Date: 2023-07-10 12:01:07.527702+00:00
Changed-By: leo.barbosa at canonical.com (Leonidas S. Barbosa)
https://launchpad.net/ubuntu/+source/ruby3.0/3.0.4-7ubuntu0.2
-------------- next part --------------
Sorry, changesfile not available.
More information about the kinetic-changes
mailing list