[ubuntu/lunar-updates] ruby3.1 3.1.2-6ubuntu0.23.04.1 (Accepted)
Ubuntu Archive Robot
ubuntu-archive-robot at lists.canonical.com
Wed Jun 21 09:58:14 UTC 2023
ruby3.1 (3.1.2-6ubuntu0.23.04.1) lunar-security; urgency=medium
* SECURITY UPDATE: ReDoS
- debian/patches/CVE-2023-28755.patch: URI.parse should set empty
string in host instead of nil in lib/uri/rfc3986_parser.rb, raise
ArgumentError with empty host url again in
lib/net/http/generic_request.rb.
- debian/patches/fix-uri-tests.patch: Added assert_linear_performance
for URI tests
- CVE-2023-28755
* SECURITY UPDATE: ReDos
- debian/patches/CVE-2023-28756.patch: fix quadratic backtracking on
invalid time and make RFC2822 regexp linear in lib/time.rb.
- CVE-2023-28756
* debian/patches/fix-wss-tests.patch: Fix uninitialized constant URI::WSS
* debian/patches/fix-fiber-tests.patch: Fix actual hostname resolution
* debian/patches/fix-generic-tests.patch: Raise ArgumentError with empty
host url again
Date: 2023-06-16 10:30:13.409464+00:00
Changed-By: Nishit Majithia <nishit.majithia at canonical.com>
Signed-By: Ubuntu Archive Robot <ubuntu-archive-robot at lists.canonical.com>
https://launchpad.net/ubuntu/+source/ruby3.1/3.1.2-6ubuntu0.23.04.1
-------------- next part --------------
Sorry, changesfile not available.
More information about the lunar-changes
mailing list