[ubuntu/oracular-proposed] ruby3.2 3.2.3-1ubuntu1 (Accepted)

Marc Deslauriers marc.deslauriers at ubuntu.com
Fri Jun 14 12:47:17 UTC 2024 

ruby3.2 (3.2.3-1ubuntu1) oracular; urgency=medium

  * SECURITY UPDATE: code execution in RDoc
    - debian/patches/CVE-2024-27281-1.patch: filter marshalled objects in
      lib/rdoc/store.rb.
    - debian/patches/CVE-2024-27281-2.patch: fix NoMethodError for
      start_with in lib/rdoc/store.rb.
    - CVE-2024-27281
  * SECURITY UPDATE: heap data extraction via regex
    - debian/patches/CVE-2024-27282.patch: fix Use-After-Free issue for
      Regexp in regexec.c.
    - CVE-2024-27282

Date: Fri, 14 Jun 2024 07:50:43 -0400
Changed-By: Marc Deslauriers <marc.deslauriers at ubuntu.com>
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
https://launchpad.net/ubuntu/+source/ruby3.2/3.2.3-1ubuntu1
-------------- next part --------------
Format: 1.8
Date: Fri, 14 Jun 2024 07:50:43 -0400
Source: ruby3.2
Built-For-Profiles: noudeb
Architecture: source
Version: 3.2.3-1ubuntu1
Distribution: oracular
Urgency: medium
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
Changed-By: Marc Deslauriers <marc.deslauriers at ubuntu.com>
Changes:
 ruby3.2 (3.2.3-1ubuntu1) oracular; urgency=medium
 .
   * SECURITY UPDATE: code execution in RDoc
     - debian/patches/CVE-2024-27281-1.patch: filter marshalled objects in
       lib/rdoc/store.rb.
     - debian/patches/CVE-2024-27281-2.patch: fix NoMethodError for
       start_with in lib/rdoc/store.rb.
     - CVE-2024-27281
   * SECURITY UPDATE: heap data extraction via regex
     - debian/patches/CVE-2024-27282.patch: fix Use-After-Free issue for
       Regexp in regexec.c.
     - CVE-2024-27282
Checksums-Sha1:
 ddacf182338129df2fc76442cd8f49760d439405 2670 ruby3.2_3.2.3-1ubuntu1.dsc
 82858cd88e4b38b710a52eb1a8b0d4ef389ffd54 62392 ruby3.2_3.2.3-1ubuntu1.debian.tar.xz
 36b0e23dba658d56287f9eb07df78795d6de1b09 7529 ruby3.2_3.2.3-1ubuntu1_source.buildinfo
Checksums-Sha256:
 7eb62055a3517f36c6336c218a29036a02bba1a7cc29c08ef6ac8cb8147f21a1 2670 ruby3.2_3.2.3-1ubuntu1.dsc
 62d481ea2bcaaf599892be92ad6c9863ce1888eee0500e562f161d74fb9191f2 62392 ruby3.2_3.2.3-1ubuntu1.debian.tar.xz
 96be73e5a89be5e5294752eb4e8bdd749e2b70f6476ca4aad76eb26fd240502e 7529 ruby3.2_3.2.3-1ubuntu1_source.buildinfo
Files:
 f0fd5c5dad6c9471c0cecfcb0501d125 2670 ruby optional ruby3.2_3.2.3-1ubuntu1.dsc
 fed00c4cdc56ea49f1a179d801eae74d 62392 ruby optional ruby3.2_3.2.3-1ubuntu1.debian.tar.xz
 8c128122b1c6faa9df6c015255479ed4 7529 ruby optional ruby3.2_3.2.3-1ubuntu1_source.buildinfo
Original-Maintainer: Debian Ruby Team <pkg-ruby-extras-maintainers at lists.alioth.debian.org>

More information about the oracular-changes mailing list