[ubuntu/trusty-security] ruby2.0 2.0.0.484-1ubuntu2.13 (Accepted)
Leonidas S. Barbosa
leo.barbosa at canonical.com
Thu Apr 11 13:18:35 UTC 2019
ruby2.0 (2.0.0.484-1ubuntu2.13) trusty-security; urgency=medium
* SECURITY UPDATE: Delete directory using symlink when decompressing tar,
Escape sequence injection vulnerability in gem owner, Escape sequence
injection vulnerability in API response handling, Arbitrary code exec,
Escape sequence injection vulnerability in errors
- debian/patches/CVE-2019-8320-25.patch: fix in
lib/rubygems/command_manager.rb,
lib/rubygems/commands/owner_command.rb,
lib/rubygems/gemcutter_utilities.rb,
lib/rubygems/installer.rb,
lib/rubygems/package.rb,
test/rubygems/test_gem_installer.rb,
test/rubygems/test_gem_package.rb,
test/rubygems/test_gem_text.rb.
- CVE-2019-8320
- CVE-2019-8321
- CVE-2019-8322
- CVE-2019-8323
- CVE-2019-8324
- CVE-2019-8325
* Fixing expired certification that causes tests to fail
- debian/patches/fixing_expired_SSL_certificates.patch: updating certs in
test/net/imap/cacert.pen, test/net/imap/server.crt,
test/net/imap/server.key.
Date: 2019-04-10 19:54:14.907198+00:00
Changed-By: leo.barbosa at canonical.com (Leonidas S. Barbosa)
https://launchpad.net/ubuntu/+source/ruby2.0/2.0.0.484-1ubuntu2.13
-------------- next part --------------
Sorry, changesfile not available.
More information about the Trusty-changes
mailing list