[ubuntu/trusty-security] ruby2.0 2.0.0.484-1ubuntu2.13 (Accepted)

Leonidas S. Barbosa Thu, 11 Apr 2019 06:18:56 -0700

ruby2.0 (2.0.0.484-1ubuntu2.13) trusty-security; urgency=medium

  * SECURITY UPDATE: Delete directory using symlink when decompressing tar,
    Escape sequence injection vulnerability in gem owner, Escape sequence
    injection vulnerability in API response handling, Arbitrary code exec,
    Escape sequence injection vulnerability in errors
    - debian/patches/CVE-2019-8320-25.patch: fix in
      lib/rubygems/command_manager.rb,
      lib/rubygems/commands/owner_command.rb,
      lib/rubygems/gemcutter_utilities.rb,
      lib/rubygems/installer.rb,
      lib/rubygems/package.rb,
      test/rubygems/test_gem_installer.rb,
      test/rubygems/test_gem_package.rb,
      test/rubygems/test_gem_text.rb.
    - CVE-2019-8320
    - CVE-2019-8321
    - CVE-2019-8322
    - CVE-2019-8323
    - CVE-2019-8324
    - CVE-2019-8325
  * Fixing expired certification that causes tests to fail
    - debian/patches/fixing_expired_SSL_certificates.patch: updating certs in
      test/net/imap/cacert.pen, test/net/imap/server.crt,
      test/net/imap/server.key.


Date: 2019-04-10 19:54:14.907198+00:00
Changed-By: [email protected] (Leonidas S. Barbosa)
https://launchpad.net/ubuntu/+source/ruby2.0/2.0.0.484-1ubuntu2.13

Sorry, changesfile not available.

-- 
Trusty-changes mailing list
[email protected]
Modify settings or unsubscribe at: 
https://lists.ubuntu.com/mailman/listinfo/trusty-changes

[ubuntu/trusty-security] ruby2.0 2.0.0.484-1ubuntu2.13 (Accepted)

Reply via email to