[ubuntu/focal-updates] ruby2.7 2.7.0-5ubuntu1.18 (Accepted)
Ubuntu Archive Robot
ubuntu-archive-robot at lists.canonical.com
Mon Apr 7 14:01:46 UTC 2025
ruby2.7 (2.7.0-5ubuntu1.18) focal-security; urgency=medium

  * SECURITY UPDATE: DoS in CGI Gem
    - debian/patches/CVE-2025-27219.patch: use String#concat instead of
      String#+ for reducing cpu usage in lib/cgi/cookie.rb.
    - CVE-2025-27219
  * SECURITY UPDATE: ReDoS in CGI Gem
    - debian/patches/CVE-2025-27220.patch: escape/unescape unclosed tags as
      well in lib/cgi/util.rb, test/cgi/test_cgi_util.rb.
    - CVE-2025-27220
  * SECURITY UPDATE: credential leak in URI gem
    - debian/patches/CVE-2025-27221-1.patch: truncate userinfo in
      lib/uri/generic.rb, test/uri/test_generic.rb.
    - debian/patches/CVE-2025-27221-2.patch: fix merger of URI with
      authority component in lib/uri/generic.rb, test/uri/test_generic.rb.
    - CVE-2025-27221
Date: 2025-03-11 14:18:27.410338+00:00
Changed-By: Marc Deslauriers <marc.deslauriers at canonical.com>
Signed-By: Ubuntu Archive Robot <ubuntu-archive-robot at lists.canonical.com>
https://launchpad.net/ubuntu/+source/ruby2.7/2.7.0-5ubuntu1.18