ruby-rack (1.6.4-3ubuntu0.2) xenial-security; urgency=medium
* Merge patches from Debian.
* SECURITY UPDATE: Directory traversal vulnerability.
- debian/patches/CVE-2020-8161.patch: Use Dir.entries instead of
Dir[glob] to prevent user-specified glob metacharacters.
- CVE-2020-8161
* SECURITY UPDATE: Cookie forgery.
- debian/patches/CVE-2020-8184.patch: When parsing cookies, only
decode the values.
- CVE-2020-8184
Date: 2021-04-06 09:36:28.258683+00:00
Changed-By: Eduardo Barretto <[email protected]>
Signed-By: Ubuntu Archive Robot <[email protected]>
https://launchpad.net/ubuntu/+source/ruby-rack/1.6.4-3ubuntu0.2
Sorry, changesfile not available.
--
Xenial-changes mailing list
[email protected]
Modify settings or unsubscribe at:
https://lists.ubuntu.com/mailman/listinfo/xenial-changes
