[ubuntu/xenial-updates] ruby2.3 2.3.1-2~16.04.12 (Accepted)

Ubuntu Archive Robot cjwatson+ubuntu-archive-robot at chiark.greenend.org.uk
Thu Apr 11 14:28:25 UTC 2019


ruby2.3 (2.3.1-2~16.04.12) xenial-security; urgency=medium

  * SECURITY UPDATE: Delete directory using symlink when decompressing tar,
    Escape sequence injection vulnerability in gem owner, Escape sequence
    injection vulnerability in API response handling, Arbitrary code exec,
    Escape sequence injection vulnerability in errors
    - debian/patches/CVE-2019-8320-25.patch: fix in
      lib/rubygems/command_manager.rb,
      lib/rubygems/commands/owner_command.rb,
      lib/rubygems/gemcutter_utilities.rb,
      lib/rubygems/installer.rb,
      lib/rubygems/package.rb,
      test/rubygems/test_gem_package.rb,
      test/rubygems/test_gem_installer.rb,
      test/rubygems/test_gem_text.rb.
    - CVE-2019-8320
    - CVE-2019-8321
    - CVE-2019-8322
    - CVE-2019-8323
    - CVE-2019-8324
    - CVE-2019-8325
  * Fixing expired certification that causes tests to fail
    - debian/patches/fixing_expired_SSL_certificates.patch: fix in
      test/net/imap/cacert.pen, test/net/imap/server.crt,
      test/net/imap/server.key.
  * Added lisbon_tz test to excluded tests
    - debian/patches/0001-excluding_lisbon_tz_test.patch:
      test/excludes/TestTimeTZ.rb.
  * Fixing symlink expanding issue that makes some tests and gems fail
    - debian/patches/fixing_symlink_expanding_issue.patch: fix in
      lib/rubygems/package.rb, test/rubygems/test_gem_package.rb.

Date: 2019-04-03 16:50:12.758704+00:00
Changed-By: leo.barbosa at canonical.com (Leonidas S. Barbosa)
Maintainer: Antonio Terceiro <antonio.terceiro at linaro.org>
Signed-By: Ubuntu Archive Robot <cjwatson+ubuntu-archive-robot at chiark.greenend.org.uk>
https://launchpad.net/ubuntu/+source/ruby2.3/2.3.1-2~16.04.12