Changelog
ruby2.3 (2.3.3-1+deb9u1) stretch-security; urgency=high
  * Fix arbitrary heap exposure problem in the JSON library (Closes: #873906)
    [CVE-2017-14064]
    - Backported for Ruby 2.3 by Hiroshi SHIBATA <email address hidden>
      https://bugs.ruby-lang.org/issues/13853
  * Fix multiple security vulnerabilities in Rubygems (Closes: #873802)
    - Fix a DNS request hijacking vulnerability. Discovered by Jonathan
      Claudius, fix by Samuel Giddins.
      [CVE-2017-0902]
    - Fix an ANSI escape sequence vulnerability. Discovered by Yusuke Endoh,
      fix by Evan Phoenix.
      [CVE-2017-0899]
    - Fix a DOS vulnerability in the query command. Discovered by Yusuke
      Endoh, fix by Samuel Giddins.
      [CVE-2017-0900]
    - Fix a vulnerability in the gem installer that allowed a malicious gem to
      overwrite arbitrary files. Discovered by Yusuke Endoh, fix by Samuel
      Giddins.
      [CVE-2017-0901]
  * Fix SMTP comment injection (Closes: #864860)
    Patch by Shugo Maeda <email address hidden>
    [CVE-2015-9096]
  * Fix IV Reuse in GCM Mode (Closes: #842432)
    Patch by Kazuki Yamaguchi <email address hidden>
    [CVE-2016-7798]
-- Antonio Terceiro <email address hidden> Sat, 02 Sep 2017 15:11:07 -0300