[ubuntu/xenial-security] ruby2.3 2.3.1-2~16.04.5 (Accepted)
Leonidas S. Barbosa
leo.barbosa at canonical.com
Wed Jan 10 14:29:13 UTC 2018
ruby2.3 (2.3.1-2~16.04.5) xenial-security; urgency=medium
* SECURITY UPDATE: possible command injection attacks through
kernel#open
- debian/patches/CVE-2017-17790.patch: fix uses of Kernel#open in
lib/resolv.rb.
- CVE-2017-17790
* SECURITY UPDATE: possibly execute arbitrary commands via a crafted user name
- debian/patches/CVE-2017-10784.patch: sanitize any type of logs in
lib/webrick/httpstatus.rb, lib/webrick/log.rb and test/webrick/test_httpauth.rb.
- CVE-2017-10784
* SECURITY UPDATE: denial of service via a crafted string
- debian/patches/CVE-2017-14033.patch: fix in ext/openssl/ossl_asn1.c.
- CVE-2017-14033
* SECURITY UPDATE: Arbitrary memory expose during a JSON.generate call
- debian/patches/CVE-2017-14064.patch: fix this in
ext/json/ext/generator/generator.c and ext/json/ext/generator/generator.h.
Date: 2018-01-09 18:57:14.199723+00:00
Changed-By: leo.barbosa at canonical.com (Leonidas S. Barbosa)
Maintainer: Antonio Terceiro <antonio.terceiro at linaro.org>
https://launchpad.net/ubuntu/+source/ruby2.3/2.3.1-2~16.04.5
-------------- next part --------------
Sorry, changesfile not available.
More information about the Xenial-changes
mailing list