[ubuntu/trusty-updates] ruby1.9.1 1.9.3.484-2ubuntu1.14 (Accepted)

Ubuntu Archive Robot Thu, 11 Apr 2019 07:28:37 -0700

ruby1.9.1 (1.9.3.484-2ubuntu1.14) trusty-security; urgency=medium

  * SECURITY UPDATE: Delete directory using symlink when decompressing tar,
    Escape sequence injection vulnerability in gem owner, Escape sequence
    injection vulnerability in API response handling, Arbitrary code exec,
    Escape sequence injection vulnerability in errors
    - debian/patches/CVE-2019-8320-25.patch: fix in
      lib/rubygems/command_manager.rb,
      lib/rubygems/commands/owner_command.rb,
      lib/rubygems/gemcutter_utilities.rb,
      lib/rubygems/installer.rb,
      lib/rubygems/package.rb,
      test/rubygems/test_gem_installer.rb,
      test/rubygems/test_gem_package.rb,
      test/rubygems/test_gem_text.rb.
    - CVE-2019-8320
    - CVE-2019-8321
    - CVE-2019-8322
    - CVE-2019-8323
    - CVE-2019-8324
    - CVE-2019-8325
  * Fixing expired certification that causes tests to fail
    - debian/patches/fixing_expired_SSL_certificates.patch: updating certs in
      test/net/imap/cacert.pen, test/net/imap/server.crt,
      test/net/imap/server.key.


Date: 2019-04-10 19:29:13.698521+00:00
Changed-By: [email protected] (Leonidas S. Barbosa)
Signed-By: Ubuntu Archive Robot 
<[email protected]>
https://launchpad.net/ubuntu/+source/ruby1.9.1/1.9.3.484-2ubuntu1.14

Sorry, changesfile not available.

-- 
Trusty-changes mailing list
[email protected]
Modify settings or unsubscribe at: 
https://lists.ubuntu.com/mailman/listinfo/trusty-changes

[ubuntu/trusty-updates] ruby1.9.1 1.9.3.484-2ubuntu1.14 (Accepted)

Reply via email to