-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 - ----------------------------------------------------------------------- Debian LTS Advisory DLA-3450-1 debian-...@lists.debian.org https://www.debian.org/lts/security/ Utkarsh Gupta June 09, 2023 https://wiki.debian.org/LTS - -----------------------------------------------------------------------
Package : ruby2.5 Version : 2.5.5-3+deb10u6 CVE ID : CVE-2021-33621 CVE-2022-28739 Debian Bug : 1009957 1024800 1037178 A couple of security issues were discovered in ruby2.5, the Ruby interpreter, and are as follows - CVE-2021-33621 Hiroshi Tokumaru discovered that Ruby did not properly handle certain user input for applications the generate HTTP responses using cgi gem. An attacker could possibly use this issue to maliciously modify the response a user would receive from a vulnerable application. CVE-2022-28739 It was discovered that Ruby incorrectly handled certain inputs. An attacker could possibly use this issue to expose sensitive information. For Debian 10 buster, these problems have been fixed, along with the regressions caused by the last Ruby update, in version 2.5.5-3+deb10u6. We recommend that you upgrade your ruby2.5 packages. For the detailed security status of ruby2.5 please refer to its security tracker page at: https://security-tracker.debian.org/tracker/ruby2.5 Further information about Debian LTS security advisories, how to apply these updates to your system and frequently asked questions can be found at: https://wiki.debian.org/LTS -----BEGIN PGP SIGNATURE----- iQIzBAEBCAAdFiEEbJ0QSEqa5Mw4X3xxgj6WdgbDS5YFAmSC/YIACgkQgj6WdgbD S5Z1iw/9GYglH8mV2z5D4Lq+Rg2C2VWc5SpaIyH5zbORwsXqb7huqGRuRQi3cjqn QQ7MH2dlWOQ0ccQhygBDxGxtpfFNcqH17F6rq9pK9WOhanapkjnqFpdknrzlwISa pZe5XU1YJQPz1F9iSqrJL26MwTH1vCeQCyRFk97UH+B6/mKyeBduNhlbUIHV5ZyI oGn+dpDhxRCYPnrR9Lqh7CS2NhTFQMxIiWN+vREpj/l8DG6IpoQ4uKwPsqM3n2S1 GeUAp4BzlilLtBEVjxJIXMEInHBnXacgPMSHfq/q8cqSxxEOxuL77+oJ+gxVGkcy ge0X/RH4CiBp1eTIRaXnBH3Prm5NdUM6T1sFSNxuX9tT5XSSAqGRTnRypvq10/FI kJ+ZpDVMCqdsL7VtB1xSJ4lrC2j3TRQyywTLvgrm5yW6GI08MUEbz5JMmlRK6B2T DeerGSWhyBBCxiuNMqiNi56JDeRxZg5zoASaKz8LqDbrzYSNzGINxEfiCjWvYPPC EH1KFZqvBW/Z+oBt3KGxy6b/nqRvbcDJQXnTnHgQRSSe/J+eFGuwWuzh7HvROt10 WxykHJn1RE8nEr5E7W4j8V7AYH7LRFjr678O/U0FwcS+TALVsPv1fRrHXRH+6I0z NMc8n+1oDwnLNY8puaOWg5Tn4QhB+sX8mUSWukEe1+PD+JM2TLA= =C331 -----END PGP SIGNATURE-----