ruby2.3 2.3.3-1+deb9u1 source package in Ubuntu

Changelog

ruby2.3 (2.3.3-1+deb9u1) stretch-security; urgency=high

  * Fix arbitrary heap exposure problem in the JSON library (Closes: #873906)
    [CVE-2017-14064]
    - Backported for Ruby 2.3 by Hiroshi SHIBATA <email address hidden>
      https://bugs.ruby-lang.org/issues/13853
  * Fix multiple security vulnerabilities in Rubygems (Closes: #873802)
    - Fix a DNS request hijacking vulnerability. Discovered by Jonathan
      Claudius, fix by Samuel Giddins.
      [CVE-2017-0902]
    - Fix an ANSI escape sequence vulnerability. Discovered by Yusuke Endoh,
      fix by Evan Phoenix.
      [CVE-2017-0899]
    - Fix a DOS vulnerability in the query command. Discovered by Yusuke
      Endoh, fix by Samuel Giddins.
      [CVE-2017-0900]
    - Fix a vulnerability in the gem installer that allowed a malicious gem to
      overwrite arbitrary files. Discovered by Yusuke Endoh, fix by Samuel
      Giddins.
      [CVE-2017-0901]
  * Fix SMTP comment injection (Closes: #864860)
    Patch by Shugo Maeda <email address hidden>
    [CVE-2015-9096]
  * Fix IV Reuse in GCM Mode (Closes: #842432)
    Patch by Kazuki Yamaguchi <email address hidden>
    [CVE-2016-7798]

 -- Antonio Terceiro <email address hidden>  Sat, 02 Sep 2017 15:11:07 -0300

Upload details

Uploaded by: Antonio Terceiro
Uploaded to: Stretch
Original maintainer: Antonio Terceiro
Architectures: any all
Section: misc
Urgency: Very Urgent

Downloads

File Size SHA-256 Checksum
ruby2.3_2.3.3-1+deb9u1.dsc 2.4 KiB 69185b16843692fe1395a94b91969b420393a51c31a6ffa7b6f6b45c92df7a9d
ruby2.3_2.3.3.orig.tar.xz 8.0 MiB 799796bb740832c7257f45089fdbd9cd57686cac033f88d0b078063b6d3d77ad
ruby2.3_2.3.3-1+deb9u1.debian.tar.xz 95.9 KiB 78376c991383f677a53a52f757304eb93c3acd3c5f825724c632d828414e032d

No changes file available.

Binary packages built by this source