author Salvatore Bonaccorso <carnil@debian.org> 2020-07-08 17:32:43 +0200
committer Salvatore Bonaccorso <carnil@debian.org> 2020-07-08 17:32:43 +0200
commit 35022c48a0167d79ad83f69c33eea08bda088d57 (patch)
tree 0fb89601f4fa4d33683ad2642e062e4fa64e7e80
parent 882680ad241a7ff149089407319015c068874d45 (diff)
[DSA 4721-1] ruby2.5 security update
-rw-r--r-- english/security/2020/dsa-4721.data 13
-rw-r--r-- english/security/2020/dsa-4721.wml 34
2 files changed, 47 insertions, 0 deletions
diff --git a/english/security/2020/dsa-4721.data b/english/security/2020/dsa-4721.data
new file mode 100644
index 00000000000..3b226e9696e
--- /dev/null
+++ b/english/security/2020/dsa-4721.data
@@ -0,0 +1,13 @@
+<define-tag pagetitle>DSA-4721-1 ruby2.5</define-tag>
+<define-tag report_date>2020-7-08</define-tag>
+<define-tag secrefs>CVE-2020-10663 CVE-2020-10933</define-tag>
+<define-tag packages>ruby2.5</define-tag>
+<define-tag isvulnerable>yes</define-tag>
+<define-tag fixed>yes</define-tag>
+<define-tag fixed-section>no</define-tag>
+
+#use wml::debian::security
+
+
+
+</dl>
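Review bot: report_date near the top of this hunk is written as 2020-7-08, with the month unpadded while the day is zero-padded; if this tag is parsed or sorted as a date, 2020-07-08 would be the safer and more consistent form. The file also ends with a lone </dl> that has no opening tag anywhere in this file; if it closes a list opened by the wml::debian::security template, a one-line comment saying so would help the next editor.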
diff --git a/english/security/2020/dsa-4721.wml b/english/security/2020/dsa-4721.wml
new file mode 100644
index 00000000000..8548330d9b1
--- /dev/null
+++ b/english/security/2020/dsa-4721.wml
@@ -0,0 +1,34 @@
+<define-tag description>security update</define-tag>
+<define-tag moreinfo>
+<p>Several vulnerabilities have been discovered in the interpreter for the
+Ruby language.</p>
+
+<ul>
+
+<li><a href="https://security-tracker.debian.org/tracker/CVE-2020-10663">CVE-2020-10663</a>
+
+ <p>Jeremy Evans reported an unsafe object creation vulnerability in the
+ json gem bundled with Ruby. When parsing certain JSON documents, the
+ json gem can be coerced into creating arbitrary objects in the
+ target system.</p></li>
+
+<li><a href="https://security-tracker.debian.org/tracker/CVE-2020-10933">CVE-2020-10933</a>
+
+ <p>Samuel Williams reported a flaw in the socket library which may lead
+ to exposure of possibly sensitive data from the interpreter.</p></li>
+
+</ul>
+
+<p>For the stable distribution (buster), these problems have been fixed in
+version 2.5.5-3+deb10u2.</p>
+
+<p>We recommend that you upgrade your ruby2.5 packages.</p>
+
+<p>For the detailed security status of ruby2.5 please refer to its security
+tracker page at:
+<a href="https://security-tracker.debian.org/tracker/ruby2.5">https://security-tracker.debian.org/tracker/ruby2.5</a></p>
+</define-tag>
+
+# do not modify the following line
+#include "$(ENGLISHDIR)/security/2020/dsa-4721.data"
+# $Id: $
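Review bot: The CVE-2020-10933 item says only that a flaw in the socket library "may lead to exposure of possibly sensitive data", which does not tell an administrator which socket usage is affected or what kind of data can leak. Consider adding a clause that names the triggering condition, the way the CVE-2020-10663 item does with "When parsing certain JSON documents". The fixed version is stated for buster only, so a sentence on whether any other supported distribution is affected would make the advisory complete.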
