[ubuntu/xenial-security] ruby-rack-cors 0.4.0-1+deb9u2build0.16.04.1 (Accepted)
Mike Salvatore
mike.salvatore at canonical.com
Mon Oct 5 18:13:25 UTC 2020
ruby-rack-cors (0.4.0-1+deb9u2build0.16.04.1) xenial-security; urgency=medium
* fake sync from Debian
ruby-rack-cors (0.4.0-1+deb9u2) stretch-security; urgency=high
* Non-maintainer upload by the LTS team.
* Fix CVE-2019-18978: This package allowed ../ directory traversal
to access private resources because resource matching did not
ensure that pathnames were in a canonical format.
Date: 2020-10-05 17:51:13.141017+00:00
Changed-By: Mike Salvatore <mike.salvatore at canonical.com>
https://launchpad.net/ubuntu/+source/ruby-rack-cors/0.4.0-1+deb9u2build0.16.04.1
-------------- next part --------------
Sorry, changesfile not available.
More information about the Xenial-changes
mailing list