Ubuntu
ruby2.7 package

ruby2.7 2.7.4-1ubuntu3.1 source package in Ubuntu

Changelog

ruby2.7 (2.7.4-1ubuntu3.1) impish-security; urgency=medium

  * SECURITY UPDATE: Buffer overrun
    - debian/patches/CVE-2021-41816.patch: fix integer overflow making
      sure use of the check in rb_alloc_tmp_buffer2 in
      ext/cgi/escape/escape.c.
    - CVE-2021-41816
  * SECURITY UPDATE: ReDoS vulnerability
    - debian/patches/CVE-2021-41817-*.patch: add length limit option
      for methods that parses date strings and mimic prev behaviour
      in  ext/date/date_core.c, test/date/test_date_parse.rb.
    - CVE-2021-41817
  * SECURITY UPDATE: Mishandles sec prefixes in cookie names
    - debian/patches/CVE-2021-41819.patch: when parsing cookies, only
      decode the values in lib/cgi/cookie.rb, test/cgi/test_cgi_cookie.rb.
    - CVE-2021-41819

 -- Leonidas Da Silva Barbosa <email address hidden>  Thu, 06 Jan 2022 10:18:08 -0300

Upload details

Uploaded by:
Leonidas S. Barbosa
Uploaded to:
Impish
Original maintainer:
Ubuntu Developers
Architectures:
any all
Section:
ruby
Urgency:
Medium Urgency

See full publishing history Publishing

Series Pocket Published Component Section

Downloads

File Size SHA-256 Checksum
ruby2.7_2.7.4.orig.tar.xz 10.3 MiB a42c6089f82d9ab8dad2e72ba5b318f4177ff7bb17a584ae3834521e4f43c9b5
ruby2.7_2.7.4-1ubuntu3.1.debian.tar.xz 115.2 KiB 738faa0d5e9ca5dd475d74aca509b8b63ac5ae8d9b00d45822a929425763f19a
ruby2.7_2.7.4-1ubuntu3.1.dsc 2.5 KiB bf2e077fb31f62f96ae7ca2394b90c3d489c7e98d7f9026215a7488f6384d509

View changes file

Binary packages built by this source

libruby2.7: No summary available for libruby2.7 in ubuntu impish.

No description available for libruby2.7 in ubuntu impish.

libruby2.7-dbgsym: No summary available for libruby2.7-dbgsym in ubuntu impish.

No description available for libruby2.7-dbgsym in ubuntu impish.

ruby2.7: No summary available for ruby2.7 in ubuntu impish.

No description available for ruby2.7 in ubuntu impish.

ruby2.7-dbgsym: No summary available for ruby2.7-dbgsym in ubuntu impish.

No description available for ruby2.7-dbgsym in ubuntu impish.

ruby2.7-dev: No summary available for ruby2.7-dev in ubuntu impish.

No description available for ruby2.7-dev in ubuntu impish.

ruby2.7-doc: No summary available for ruby2.7-doc in ubuntu impish.

No description available for ruby2.7-doc in ubuntu impish.