[ubuntu/bionic-proposed] ruby2.3 2.3.3-1+deb9u1 (Accepted)
Jeremy Bicha
jeremy at bicha.net
Sat Oct 28 20:07:07 UTC 2017
ruby2.3 (2.3.3-1+deb9u1) stretch-security; urgency=high

  * Fix arbitrary heap exposure problem in the JSON library (Closes: #873906)
    [CVE-2017-14064]
    - Backported for Ruby 2.3 by Hiroshi SHIBATA <hsbt at ruby-lang.org>
      https://bugs.ruby-lang.org/issues/13853
  * Fix multiple security vulnerabilities in Rubygems (Closes: #873802)
    - Fix a DNS request hijacking vulnerability. Discovered by Jonathan
      Claudius, fix by Samuel Giddins.
      [CVE-2017-0902]
    - Fix an ANSI escape sequence vulnerability. Discovered by Yusuke Endoh,
      fix by Evan Phoenix.
      [CVE-2017-0899]
    - Fix a DOS vulnerability in the query command. Discovered by Yusuke
      Endoh, fix by Samuel Giddins.
      [CVE-2017-0900]
    - Fix a vulnerability in the gem installer that allowed a malicious gem to
      overwrite arbitrary files. Discovered by Yusuke Endoh, fix by Samuel
      Giddins.
      [CVE-2017-0901]
  * Fix SMTP comment injection (Closes: #864860)
    Patch by Shugo Maeda <shugo at ruby-lang.org>
    [CVE-2015-9096]
  * Fix IV Reuse in GCM Mode (Closes: #842432)
    Patch by Kazuki Yamaguchi <k at rhe.jp>
    [CVE-2016-7798]

Date: 2017-10-07 11:10:03.182804+00:00
Changed-By: Antonio Terceiro <antonio.terceiro at linaro.org>
Signed-By: Jeremy Bicha <jeremy at bicha.net>
https://launchpad.net/ubuntu/+source/ruby2.3/2.3.3-1+deb9u1