[ubuntu/xenial-updates] ruby-rack 1.6.4-3ubuntu0.2 (Accepted)

Ubuntu Archive Robot Tue, 06 Apr 2021 04:28:24 -0700

ruby-rack (1.6.4-3ubuntu0.2) xenial-security; urgency=medium

  * Merge patches from Debian.
  * SECURITY UPDATE: Directory traversal vulnerability.
    - debian/patches/CVE-2020-8161.patch: Use Dir.entries instead of
      Dir[glob] to prevent user-specified glob metacharacters.
    - CVE-2020-8161
  * SECURITY UPDATE: Cookie forgery.
    - debian/patches/CVE-2020-8184.patch: When parsing cookies, only
      decode the values.
    - CVE-2020-8184


Date: 2021-04-06 09:36:28.258683+00:00
Changed-By: Eduardo Barretto <eduardo.barre...@canonical.com>
Signed-By: Ubuntu Archive Robot <ubuntu-archive-ro...@lists.canonical.com>
https://launchpad.net/ubuntu/+source/ruby-rack/1.6.4-3ubuntu0.2

Sorry, changesfile not available.

-- 
Xenial-changes mailing list
Xenial-changes@lists.ubuntu.com
Modify settings or unsubscribe at: 
https://lists.ubuntu.com/mailman/listinfo/xenial-changes

[ubuntu/xenial-updates] ruby-rack 1.6.4-3ubuntu0.2 (Accepted)

Reply via email to