[ubuntu/trusty-security] ruby1.9.1 1.9.3.484-2ubuntu1.8 (Accepted)

Leonidas S. Barbosa leo.barbosa at canonical.com
Thu Apr 5 15:08:14 UTC 2018


ruby1.9.1 (1.9.3.484-2ubuntu1.8) trusty-security; urgency=medium

  * SECURITY UPDATE: Deserialization untrusted data
    - debian/patches/CVE-2018-1000074*.patch fix in
      lib/rubygems/commands/owner_command.rb,
      test/rubygems/test_gem_commands_owner_command.rb.
    - CVE-2018-1000074
  * SECURITY UPDATE: Infinite loop
    - debian/patches/CVE-2018-1000075.patch: fix in
      lib/rubygems/package/tar_header.rb,
      test/rubygems/test_gem_package_tar_header.rb.
    - CVE-2018-1000075
  * SECURITY UPDATE: Validation vulnerability
    - debian/patches/CVE-2018-1000077.patch: fix in
      lib/rubygems/specification.rb,
      test/rubygems/test_gem_specification.rb.
    - CVE-2018-1000077
  * SECURITY UPDATE: Cross site scripting
    - debian/patches/CVE-2018-1000078.patch: fix in
      lib/rubygems/server.rb.
    - CVE-2018-1000078

Date: 2018-04-03 17:20:21.431114+00:00
Changed-By: leo.barbosa at canonical.com (Leonidas S. Barbosa)
https://launchpad.net/ubuntu/+source/ruby1.9.1/1.9.3.484-2ubuntu1.8
-------------- next part --------------
Sorry, changesfile not available.


More information about the Trusty-changes mailing list