[ubuntu/trusty-updates] ruby2.0 2.0.0.484-1ubuntu2.10 (Accepted)

Ubuntu Archive Robot cjwatson+ubuntu-archive-robot at chiark.greenend.org.uk
Thu Jun 14 13:58:23 UTC 2018 

ruby2.0 (2.0.0.484-1ubuntu2.10) trusty-security; urgency=medium

  * SECURITY UPDATE: DoS vulnerability in query command
    - debian/patches/CVE-2017-0901-0902.patch
      patch extracted from debian Wheezy.
    - CVE-2017-0901
    - CVE-2017-0902
  * SECURITY UPDATE: Remote code execution
    - debian/patches/CVE-2017-0903.patch: fix in lib/rubygems.rb,
      lib/rubygems/config_file.rb, lib/rubygems/safe_yaml.rb,
      lib/rubygems/specification.rb.
    - CVE-2017-0903
  * SECURITY UPDATE: possibly execute arbitrary commands via a crafted user name
    - debian/patches/CVE-2017-10784.patch: sanitize any type of logs in
      lib/webrick/httpstatus.rb, lib/webrick/log.rb and test/webrick/test_httpauth.rb.
    - CVE-2017-10784
  * SECURITY UPDATE: Arbitrary memory expose during a JSON.generate call
    - debian/patches/CVE-2017-14064.patch: fix this in
      ext/json/ext/generator/generator.c and ext/json/ext/generator/generator.h.
    - CVE-2017-14064
  * SECURITY UPDATE: Malicious format string - buffer overrun
    - debian/patches/CVE-2017-0898.patch: fix in sprintf.c,
      test/ruby/test_sprintf.rb.
    - CVE-2017-0898
  * SECURITY UPDATE: Response splitting attack
    - debian/patches/CVE-2017-17742*.patch: fix in webrick/httpresponse.rb,
    - CVE-2017-17742
  * SECURITY UPDATE: Deserialization untrusted data
    - debian/patches/CVE-2018-1000074.patch fix in
      lib/rubygems/commands/owner_command.rb,
    - CVE-2018-1000074
  * SECURITY UPDATE: Denial of service
    - debian/patches/CVE-2018-8777*.patch: fix in lib/webrick/httpresponse.rb,
      lib/webrick/httpservlet/filehandler.rb,
    - CVE-2018-8777

Date: 2018-06-12 17:27:13.490593+00:00
Changed-By: leo.barbosa at canonical.com (Leonidas S. Barbosa)
Signed-By: Ubuntu Archive Robot <cjwatson+ubuntu-archive-robot at chiark.greenend.org.uk>
https://launchpad.net/ubuntu/+source/ruby2.0/2.0.0.484-1ubuntu2.10
-------------- next part --------------
Sorry, changesfile not available.

More information about the Trusty-changes mailing list