-
ruby3.0 (3.0.4-8ubuntu1) lunar; urgency=medium
* SECURITY UPDATE: HTTP response splitting
- debian/patches/CVE-2021-33621*.patch: adds regex to lib/cgi/core.rb and
lib/cgi/cookie.rb along with tests to check http response headers and
cookie fields for invalid characters.
- debian/patches/fix_tzdata-2022.patch: fix for tzdata-2022g tests
in test/ruby/test_time_tz.rb.
- CVE-2021-33621
-- Leonidas Da Silva Barbosa <email address hidden> Wed, 18 Jan 2023 11:55:54 -0300
-
ruby3.0 (3.0.4-8) unstable; urgency=medium
[ Vagrant Cascadian ]
* debian/rules: ensure rbconfig.rb is reproducible regardless of usr-merge
(Closes: #1006471)
* debian/rules: Strip the build path from rbconfig.rb (Closes: #1006476)
[ Antonio Terceiro ]
* libruby3.0: depend on packages that used to be provided by ruby2.7.
This allows *ruby2.7 to be removed after upgrades from bullseye where
the user has installed packages that depend on either ruby-webrick or
ruby-sdbm.
* rbconfig, mkmf: call foreign pkg-config when cross compiling
(Closes: #1018230)
-- Antonio Terceiro <email address hidden> Sat, 10 Sep 2022 23:02:54 -0300
-
ruby3.0 (3.0.4-7) unstable; urgency=medium
* Complete the patch to disable compaction on architectures where it can't work.
-- Antonio Terceiro <email address hidden> Sun, 01 May 2022 09:56:20 -0300