Change logs for ruby3.1 source package in Mantic

  • ruby3.1 (3.1.2-7ubuntu3.3) mantic-security; urgency=medium
    
      * SECURITY UPDATE: buffer over-read in StringIO
        - debian/patches/CVE-2024-27280.patch: fix expanding size at
          ungetc/ungetbyte in ext/stringio/stringio.c,
          test/stringio/test_stringio.rb.
        - CVE-2024-27280
    
     -- Marc Deslauriers <email address hidden>  Wed, 19 Jun 2024 10:28:10 -0400
  • ruby3.1 (3.1.2-7ubuntu3.2) mantic-security; urgency=medium
    
      * SECURITY UPDATE: code execution in RDoc
        - debian/patches/CVE-2024-27281-1.patch: filter marshalled objects in
          lib/rdoc/store.rb.
        - debian/patches/CVE-2024-27281-2.patch: fix NoMethodError for
          start_with in lib/rdoc/store.rb.
        - CVE-2024-27281
      * SECURITY UPDATE: heap data extraction via regex
        - debian/patches/CVE-2024-27282.patch: fix Use-After-Free issue for
          Regexp in regexec.c.
        - CVE-2024-27282
    
     -- Marc Deslauriers <email address hidden>  Fri, 14 Jun 2024 07:58:00 -0400
  • ruby3.1 (3.1.2-7ubuntu3.1) mantic; urgency=medium
    
      * d/p/fix-ruby_xfree-segfault.patch: fix occasional segfault (LP: #2049197).
      * Replace expired certificate in tests with upstream patch (LP: #2051380).
        - d/p/renew-test-certificates-d3933fc753187a055a4904af82f5f3794c88c416.patch
    
     -- Lucas Kanashiro <email address hidden>  Wed, 20 Mar 2024 17:39:43 -0300
  • ruby3.1 (3.1.2-7ubuntu3) mantic; urgency=medium
    
      * Mark strlcat strlcpy as optional, since they are now part of glibc
    
     -- Gianfranco Costamagna <email address hidden>  Mon, 25 Sep 2023 16:45:36 +0200
  • ruby3.1 (3.1.2-7ubuntu2) mantic; urgency=medium
    
      * SECURITY UPDATE: ReDoS
        - debian/patches/CVE-2023-36617.patch: changes regex behaviour
          in lib/uri/rfc2396_parser.rb, lib/uri/rfc3986_parser.rb.
        - CVE-2023-36617
    
     -- Marc Deslauriers <email address hidden>  Fri, 22 Sep 2023 14:23:46 -0400
  • ruby3.1 (3.1.2-7ubuntu1) mantic; urgency=medium
    
      * SECURITY UPDATE: ReDoS
        - debian/patches/CVE-2023-28755.patch: URI.parse should set empty
          string in host instead of nil in lib/uri/rfc3986_parser.rb, raise
          ArgumentError with empty host url again in
          lib/net/http/generic_request.rb.
        - debian/patches/fix-uri-tests.patch: Added assert_linear_performance
          for URI tests
        - CVE-2023-28755
      * SECURITY UPDATE: ReDoS
        - debian/patches/CVE-2023-28756.patch: fix quadratic backtracking on
          invalid time and make RFC2822 regexp linear in lib/time.rb.
        - CVE-2023-28756
      * debian/patches/fix-wss-tests.patch: Fix uninitialized constant URI::WSS
      * debian/patches/fix-fiber-tests.patch: Fix actual hostname resolution
      * debian/patches/fix-generic-tests.patch: Raise ArgumentError with empty
        host url again
    
     -- Nishit Majithia <email address hidden>  Fri, 16 Jun 2023 09:49:28 +0530
  • ruby3.1 (3.1.2-7) unstable; urgency=medium
    
      * Upload to unstable
    
     -- Antonio Terceiro <email address hidden>  Sat, 25 Mar 2023 14:20:34 -0300
  • ruby3.1 (3.1.2-6) unstable; urgency=medium
    
      * Add missing dependencies for pkg-config test
    
     -- Antonio Terceiro <email address hidden>  Thu, 26 Jan 2023 09:34:07 -0300