[ubuntu/xenial-security] ruby2.3 2.3.1-2~16.04.7 (Accepted)

Leonidas S. Barbosa leo.barbosa at canonical.com
Thu Apr 5 15:08:19 UTC 2018


ruby2.3 (2.3.1-2~16.04.7) xenial-security; urgency=medium

  * SECURITY UPDATE: Directory traversal
    - debian/patches/CVE-2018-1000073.patch: fix in
      lib/rubygems/package.rb.
    - CVE-2018-1000073
  * SECURITY UPDATE: Deserialization of untrusted data
    - debian/patches/CVE-2018-1000074.patch: fix in
      lib/rubygems/commands/owner_command.rb,
      test/rubygems/test_gem_commands_owner_command.rb.
    - CVE-2018-1000074
  * SECURITY UPDATE: Infinite loop
    - debian/patches/CVE-2018-1000075.patch: fix in
      lib/rubygems/package/tar_header.rb,
      test/rubygems/test_gem_package_tar_header.rb.
    - CVE-2018-1000075
  * SECURITY UPDATE: Improper verification of crypto
    signature
    - debian/patches/CVE-2018-1000076.patch: fix in
      lib/rubygems/package.rb, lib/rubygems/package/tar_writer.rb,
      test/rubygems/test_gem_package.rb.
    - CVE-2018-1000076
  * SECURITY UPDATE: Validation vulnerability
    - debian/patches/CVE-2018-1000077.patch: fix in
      lib/rubygems/specification.rb,
      test/rubygems/test_gem_specification.rb.
    - CVE-2018-1000077
  * SECURITY UPDATE: Cross site scripting
    - debian/patches/CVE-2018-1000078.patch: fix in
      lib/rubygems/server.rb.
    - CVE-2018-1000078
  * SECURITY UPDATE: Directory traversal
    - debian/patches/CVE-2018-1000079.patch: fix in
      lib/rubygems/package.rb.
    - CVE-2018-1000079

Date: 2018-04-04 16:38:13.611863+00:00
Changed-By: leo.barbosa at canonical.com (Leonidas S. Barbosa)
Maintainer: Antonio Terceiro <antonio.terceiro at linaro.org>
https://launchpad.net/ubuntu/+source/ruby2.3/2.3.1-2~16.04.7