-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 - ----------------------------------------------------------------------- Debian LTS Advisory DLA-2853-1 debian-...@lists.debian.org https://www.debian.org/lts/security/ Utkarsh Gupta December 27, 2021 https://wiki.debian.org/LTS - -----------------------------------------------------------------------
Package : ruby2.3 Version : 2.3.3-1+deb9u11 CVE ID : CVE-2021-41817 CVE-2021-41819 A cookie prefix spoofing vulnerability in CGI::Cookie.parse and a regular expression denial of service vulnerability (ReDoS) on date parsing methods were discovered in src:ruby2.1, the Ruby interpreter. For Debian 9 stretch, these problems have been fixed in version 2.3.3-1+deb9u11. We recommend that you upgrade your ruby2.3 packages. For the detailed security status of ruby2.3 please refer to its security tracker page at: https://security-tracker.debian.org/tracker/ruby2.3 Further information about Debian LTS security advisories, how to apply these updates to your system and frequently asked questions can be found at: https://wiki.debian.org/LTS -----BEGIN PGP SIGNATURE----- iQIzBAEBCAAdFiEEbJ0QSEqa5Mw4X3xxgj6WdgbDS5YFAmHK6JkACgkQgj6WdgbD S5Z0eg//axcQ/C6TkTwAqN/Z9Cm7cFMTqWUPsF4Oo/iJCWpmyIaXi+28nYKIAMra qS2KA6RdOO0yCjgd7mshA+d2K9zljMTM42RAJxkXtoZee3xtRVDjwD9Dvf08XbPZ bYcQVUH+Obn4sTEkaKViJcpRjiRO0EmSON9NWsXvFvgoG9OX2Y7Gu2YA3vIPQAMM giWeZr3Yg4Ar6PzuPNIOoqVkoaLshufU+ilp3XKF6txwSuTxcQEZ5ATJ9zw0vBvg m2cv6r+aBvBLdXDVMc2j9zCQ3SdNG+dK5vJr/KHRXGiTJKBI3nQMVIwCObcIiNZ2 InvDradTEZVE5ZM4yGA0GNeGmkUUjp8hu9DR/zUm6sBcBlcRH0lGN79XlJkb6cAt HyFw7vW3bAm0Lp1dLCbtGJgb6AolwYEBzCuDmTW77MKe6cnSxf+dysy1YLHZDnhz zBrUPEOpIQq2a5SGXpMz6DuRp9z9B9KecwYKXJBS0bcpJQcjSSqNSZwNBrQdk4Tj R1IhgBpnOmrdqNduaOcXyOqCnAI1OPZiHkvyn4ceTkYL9c7fLO/luVXyQY7lTwMZ SzeO7SPBxifQLg+m4ogL/7YzqI2k/vM2/NEg6zrJGcvfkr/2HagWHp20y/2t3Dq0 luxExmBKyUMoC1cNL2BSDoVID5ZhgGqwXfvaUlyk+b6wTYhLBhY= =uPTM -----END PGP SIGNATURE-----