[ubuntu/mantic-proposed] ruby3.1 3.1.2-7ubuntu1 (Accepted)

Nishit Majithia nishit.majithia at canonical.com
Wed Jun 21 11:57:16 UTC 2023


ruby3.1 (3.1.2-7ubuntu1) mantic; urgency=medium

  * SECURITY UPDATE: ReDoS
    - debian/patches/CVE-2023-28755.patch: URI.parse should set empty
      string in host instead of nil in lib/uri/rfc3986_parser.rb, raise
      ArgumentError with empty host url again in
      lib/net/http/generic_request.rb.
    - debian/patches/fix-uri-tests.patch: Added assert_linear_performance
      for URI tests
    - CVE-2023-28755
  * SECURITY UPDATE: ReDoS
    - debian/patches/CVE-2023-28756.patch: fix quadratic backtracking on
      invalid time and make RFC2822 regexp linear in lib/time.rb.
    - CVE-2023-28756
  * debian/patches/fix-wss-tests.patch: Fix uninitialized constant URI::WSS
  * debian/patches/fix-fiber-tests.patch: Fix actual hostname resolution
  * debian/patches/fix-generic-tests.patch: Raise ArgumentError with empty
    host url again

Date: Fri, 16 Jun 2023 09:49:28 +0530
Changed-By: Nishit Majithia <nishit.majithia at canonical.com>
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
Signed-By: Marc Deslauriers <marc.deslauriers at canonical.com>
https://launchpad.net/ubuntu/+source/ruby3.1/3.1.2-7ubuntu1
-------------- next part --------------
Format: 1.8
Date: Fri, 16 Jun 2023 09:49:28 +0530
Source: ruby3.1
Built-For-Profiles: noudeb
Architecture: source
Version: 3.1.2-7ubuntu1
Distribution: mantic
Urgency: medium
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
Changed-By: Nishit Majithia <nishit.majithia at canonical.com>
Original-Maintainer: Debian Ruby Team <pkg-ruby-extras-maintainers at lists.alioth.debian.org>

