There have been a number of CVEs in Ruby announced recently, for example: https://www.ruby-lang.org/en/news/2017/09/14/ruby-2-3-5-released/
Do these get picked up in the Debian ruby packages? Is it possible to update ruby2.3 to the 2.3.5 minor version? I wasn't able to find much information about Debian ruby security / maintenance policies. Thank you.