[ubuntu/xenial-updates] ruby-rack-cors 0.4.0-1+deb9u2build0.16.04.1 (Accepted)

Ubuntu Archive Robot cjwatson+ubuntu-archive-robot at chiark.greenend.org.uk
Mon Oct 5 18:58:09 UTC 2020

ruby-rack-cors (0.4.0-1+deb9u2build0.16.04.1) xenial-security; urgency=medium

  * fake sync from Debian

ruby-rack-cors (0.4.0-1+deb9u2) stretch-security; urgency=high

  * Non-maintainer upload by the LTS team.
  * Fix CVE-2019-18978: This package allowed ../ directory traversal
    to access private resources because resource matching did not
    ensure that pathnames were in a canonical format.

Date: 2020-10-05 17:51:13.141017+00:00
Changed-By: Mike Salvatore <mike.salvatore at canonical.com>
Signed-By: Ubuntu Archive Robot <cjwatson+ubuntu-archive-robot at chiark.greenend.org.uk>
-------------- next part --------------
Sorry, changesfile not available.

More information about the Xenial-changes mailing list