ruby2.3 (2.3.1-2~ubuntu16.04.14) xenial-security; urgency=medium
* SECURITY UPDATE: NULL injection vulnerability
- debian/patches/CVE-2019-15845.patch: ensure that
pattern does not contain a NULL character in dir.c,
test/ruby/test_fnmatch.rb.
- CVE-2019-15845
* SECURITY UPDATE: Denial of service vulnerability
- debian/patches/CVE-2019-16201.patch: fix in
lib/webrick/httpauth/digestauth.rb,
test/webrick/test_httpauth.rb.
- CVE-2019-16201.patch
* SECURITY UPDATE: HTTP response splitting in WEBrick
- debian/patches/CVE-2019-16254.patch: prevent response
splitting and header injection in lib/webrick/httpresponse.rb,
test/webrick/test_httpresponse.rb.
- CVE-2019-16254
* SECURITY UPDATE: Code injection
- debian/patches/CVE-2019-16255.patch: prevent unknown command
in lib/shell/command-processor.rb, test/shell/test_command_processor.rb.
- CVE-2019-16255
Date: 2019-11-25 17:42:18.280999+00:00
Changed-By: leo.barb...@canonical.com (Leonidas S. Barbosa)
Signed-By: Ubuntu Archive Robot
<cjwatson+ubuntu-archive-ro...@chiark.greenend.org.uk>
https://launchpad.net/ubuntu/+source/ruby2.3/2.3.1-2~ubuntu16.04.14
Sorry, changesfile not available.
--
Xenial-changes mailing list
Xenial-changes@lists.ubuntu.com
Modify settings or unsubscribe at:
https://lists.ubuntu.com/mailman/listinfo/xenial-changes
