ruby2.3 (2.3.1-2~16.04.6) xenial-security; urgency=medium
* SECURITY UPDATE: fails to validade specification names
- debian/patches/CVE-2017-0901-0902.patch: fix this.
- CVE-2017-0901
* SECURITY UPDATE: vulnerable to a DNS hijacking
- debian/patches/CVE-2017-0901-0902.patch fix this.
- CVE-2017-0902
* SECURITY UPDATE: possible remote code execution
- debian/patches/CVE-2017-0903.patch: whitelist classes
and symbols that are in Gem spec YAML in lib/rubygems.rb,
lib/rubygens/config_file.rb, lib/rubygems/package.rb,
lib/rubygems/package/old.rb, lib/rubygems/safe_yaml.rb,
lib/rubygems/specification.rb.
- CVE-2017-0903
Date: 2018-01-30 18:37:18.902031+00:00
Changed-By: leo.barb...@canonical.com (Leonidas S. Barbosa)
Maintainer: Antonio Terceiro <antonio.terce...@linaro.org>
Signed-By: Ubuntu Archive Robot
<cjwatson+ubuntu-archive-ro...@chiark.greenend.org.uk>
https://launchpad.net/ubuntu/+source/ruby2.3/2.3.1-2~16.04.6
Sorry, changesfile not available.
--
Xenial-changes mailing list
Xenial-changes@lists.ubuntu.com
Modify settings or unsubscribe at:
https://lists.ubuntu.com/mailman/listinfo/xenial-changes
