This bug was fixed in the package ruby3.0 - 3.0.2-7ubuntu2
---------------
ruby3.0 (3.0.2-7ubuntu2) jammy; urgency=medium

  * SECURITY UPDATE: Buffer overrun
    - debian/patches/CVE-2021-41816.patch: fix integer overflow making
      sure use of the check in rb_alloc_tmp_buffer2 in
      ext/cgi/escape/escape.c.
    - CVE-2021-41816
  * SECURITY UPDATE: ReDoS vulnerability
    - debian/patches/CVE-2021-41817-*.patch: add length limit option
      for methods that parse date strings and mimic prev behaviour
      in ext/date/date_core.c, test/date/test_date_parse.rb.
    - CVE-2021-41817
  * SECURITY UPDATE: Mishandles sec prefixes in cookie names
    - debian/patches/CVE-2021-41819.patch: when parsing cookies, only
      decode the values in lib/cgi/cookie.rb, test/cgi/test_cgi_cookie.rb.
    - CVE-2021-41819

 -- Leonidas Da Silva Barbosa <[email protected]>  Thu, 17 Mar 2022 13:09:20 -0300

** Changed in: ruby3.0 (Ubuntu)
Status: Fix Committed => Fix Released
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2021-41816
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2021-41817
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2021-41819
--
https://bugs.launchpad.net/bugs/1964813
Title:
Script to generate Provides is broken