ruby3.1 3.1.2-2ubuntu0.22.10.1 source package in Ubuntu
Changelog
ruby3.1 (3.1.2-2ubuntu0.22.10.1) kinetic-security; urgency=medium
* SECURITY UPDATE: HTTP response splitting
- debian/patches/CVE-2021-33621*.patch: adds regex to lib/cgi/core.rb and
lib/cgi/cookie.rb along with tests to check http response headers and
cookie fields for invalid characters.
- CVE-2021-33621
* SECURITY UPDATE: ReDoS
- debian/patches/CVE-2023-28755-*.patch: URI.parse should set empty
string in host instead of nil in lib/uri/rfc3986_parser.rb, raise
ArgumentError with empty host url again in
lib/net/http/generic_request.rb.
- debian/patches/fix-uri-tests.patch: Added assert_linear_performance
for URI tests
- CVE-2023-28755
* SECURITY UPDATE: ReDos
- debian/patches/CVE-2023-28756-*.patch: fix quadratic backtracking on
invalid time and make RFC2822 regexp linear in lib/time.rb.
- CVE-2023-28756
* debian/patches/fix-tzdata-tests.patch: Fix for tzdata-2022g
* debian/patches/fix-wss-tests.patch: Fix uninitialized constant URI::WSS
* debian/patches/fix-generic-tests.patch: Raise ArgumentError with empty
host url again
-- Nishit Majithia <email address hidden> Fri, 16 Jun 2023 09:51:21 +0530
Upload details
- Uploaded by:
- Nishit Majithia
- Uploaded to:
- Kinetic
- Original maintainer:
- Ubuntu Developers
- Architectures:
- any all
- Section:
- ruby
- Urgency:
- Medium Urgency
See full publishing history Publishing
| Series | Published | Component | Section |
|---|
Downloads
| File | Size | SHA-256 Checksum |
|---|---|---|
| ruby3.1_3.1.2.orig.tar.xz | 12.3 MiB | 350013ef6640f15c42eae48d25c035999dcbb32e4be038d27ad891cb48d685a5 |
| ruby3.1_3.1.2-2ubuntu0.22.10.1.debian.tar.xz | 66.6 KiB | 77d2eca31221f600189f0ac3b7af8f335d817d8096944601d10a287d315fbeed |
| ruby3.1_3.1.2-2ubuntu0.22.10.1.dsc | 2.4 KiB | fc3f99c6d28fc3e1543a267d37fbe83b17461c3692713302ef9ea3f2f6b7005f |
Available diffs
Binary packages built by this source
- libruby3.1: No summary available for libruby3.1 in ubuntu kinetic.
No description available for libruby3.1 in ubuntu kinetic.
- libruby3.1-dbgsym: No summary available for libruby3.1-dbgsym in ubuntu kinetic.
No description available for libruby3.1-dbgsym in ubuntu kinetic.
- ruby3.1: No summary available for ruby3.1 in ubuntu kinetic.
No description available for ruby3.1 in ubuntu kinetic.
- ruby3.1-dbgsym: No summary available for ruby3.1-dbgsym in ubuntu kinetic.
No description available for ruby3.1-dbgsym in ubuntu kinetic.
- ruby3.1-dev: No summary available for ruby3.1-dev in ubuntu kinetic.
No description available for ruby3.1-dev in ubuntu kinetic.
- ruby3.1-doc: No summary available for ruby3.1-doc in ubuntu kinetic.
No description available for ruby3.1-doc in ubuntu kinetic.
