Source: ruby2.7 X-Debbugs-CC: t...@security.debian.org Severity: grave Tags: security
Hi, The following vulnerabilities were published for ruby2.7. CVE-2021-31799[0]: A command injection vulnerability in RDoc https://www.ruby-lang.org/en/news/2021/05/02/os-command-injection-in-rdoc/ https://github.com/ruby/ruby/commit/483f303d02e768b69e476e0b9be4ab2f26389522 (2.7) CVE-2021-31810[1]: Trusting FTP PASV responses vulnerability in Net::FTP https://www.ruby-lang.org/en/news/2021/07/07/trusting-pasv-responses-in-net-ftp/ https://github.com/ruby/ruby/commit/3ca1399150ed4eacfd2fe1ee251b966f8d1ee469 (2.7) CVE-2021-32066[2]: A StartTLS stripping vulnerability in Net::IMAP https://www.ruby-lang.org/en/news/2021/07/07/starttls-stripping-in-net-imap/ https://github.com/ruby/ruby/commit/a21a3b7d23704a01d34bd79d09dc37897e00922a (2.7) If you fix the vulnerabilities please also make sure to include the CVE (Common Vulnerabilities & Exposures) ids in your changelog entry. For further information see: [0] https://security-tracker.debian.org/tracker/CVE-2021-31799 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-31799 [1] https://security-tracker.debian.org/tracker/CVE-2021-31810 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-31810 [2] https://security-tracker.debian.org/tracker/CVE-2021-32066 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-32066 Please adjust the affected versions in the BTS as needed.