-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 - ------------------------------------------------------------------------- Debian LTS Advisory DLA-3447-1 debian-...@lists.debian.org https://www.debian.org/lts/security/ Chris Lamb June 06, 2023 https://wiki.debian.org/LTS - -------------------------------------------------------------------------
Package : ruby2.5 Version : 2.5.5-3+deb10u5 CVE IDs : CVE-2023-28755 CVE-2023-28756 Two regular expression Denial of Service (ReDoS) issues were discovered in Ruby: the first in the URI component, and the second in the Time module. Each of these issues could have resulted in a dramatic increase in execution time given malicious input. For Debian 10 buster, these problems have been fixed in version 2.5.5-3+deb10u5. We recommend that you upgrade your ruby2.5 packages. For the detailed security status of ruby2.5 please refer to its security tracker page at: https://security-tracker.debian.org/tracker/ruby2.5 Further information about Debian LTS security advisories, how to apply these updates to your system and frequently asked questions can be found at: https://wiki.debian.org/LTS -----BEGIN PGP SIGNATURE----- iQIzBAEBCAAdFiEEwv5L0nHBObhsUz5GHpU+J9QxHlgFAmR/lgcACgkQHpU+J9Qx HlhiORAAiPXyZOadnygthfvNJ2sZsVuSNl4x6NAQFdZPwZ3+A/yu7EkmIEJd2isP ez+fpdINWFw/MNjXes/wLpUV+E5QmOLk2AUyFXeFaZ+fCdFa79eprq2gX82kkrJ2 dFjA/4coJqLKSDybTkaQD1c56YZwd2yn9uCcFhfO/SmfdDydA/cDbGUDcPFGGbks 50SOp7c1pMeXrI+9uRPDk+5qfBlWuu5WruJaR++XPACyP5NboxbfLN7hSGc+c5s9 bXyZpGNLX9KJNNNeDbDs5rcVXhqmNisvDHLkaCKpyjKv8wf33RZFJ9hdUT2Ms3GQ OktUlGKDqZPaCIJsrBQltGS55QRYeeljAeqr0aa3Pcz/B4HJ4sG6qWz7KdD12wDs KZmjDoVUREPdbxvDe3LgbxZVtvg7uxT9O9e7wH1Z0pHADWIUw46x7QitI8dQOcZY 3ATGTIIqpoxSEFNtvCSH4w70SE/IZQbMgX0QRCSiK8TtSDOZ2TYqJoBRMBZ9AhOI Y4GE9X2qb1HytQ8GwMB8XiUeKQIjtMII4DZCUAgBpBhFGt6qRxDJdltyO9yf4yx5 XtMH1voraomOO0AcMviiP717ERFpztzSZ7o+IIGTrKo0kuTq+JtFRrFfr83pwNuj 30u+FXqTiLEuTa0XzhS1ZR7tek20gilSusV4GO4veMGNEda7yUk= =+elP -----END PGP SIGNATURE-----