This bug was fixed in the package ruby3.2 - 3.2.3-1ubuntu0.24.04.3
---------------
ruby3.2 (3.2.3-1ubuntu0.24.04.3) noble-security; urgency=medium
* SECURITY UPDATE: denial of service in REXML
- debian/patches/CVE-2024-35176_39908_41123.patch: Read quoted
attributes in chunks
- debian/patches/CVE-2024-41946.patch: Add support for XML entity
expansion limitation in SAX and pull parsers
- debian/patches/CVE-2024-49761.patch: fix a bug that �x...; is
accepted as a character reference
- CVE-2024-35176
- CVE-2024-39908
- CVE-2024-41123
- CVE-2024-41946
- CVE-2024-49761
-- Nishit Majithia <[email protected]> Fri, 25 Oct 2024
14:06:35 +0530
** Changed in: ruby3.2 (Ubuntu Noble)
Status: Fix Committed => Fix Released
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2024-35176
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2024-39908
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2024-41123
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2024-41946
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2024-49761
--
You received this bug notification because you are a member of Ubuntu
Server/Client Support Team, which is subscribed to krb5 in Ubuntu.
Matching subscriptions: Ubuntu Server/Client Support Team, Ubuntu Server/Client
Support Team, Ubuntu Server/Client Support Team
https://bugs.launchpad.net/bugs/2083480
Title:
SRU: no-change rebuild to pick up changed build flags on ppc64el and
s390x
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/acl/+bug/2083480/+subscriptions
--
Mailing list: https://launchpad.net/~enterprise-support
Post to : [email protected]
Unsubscribe : https://launchpad.net/~enterprise-support
More help : https://help.launchpad.net/ListHelp
