projects / ruby2.3.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(merge: 4a43f3b 02a0f5a)
ruby2.3 (2.3.3-1+deb9u11) stretch-security; urgency=high
authorUtkarsh Gupta <utkarsh@debian.org>
Sun, 5 Dec 2021 23:55:44 +0000 (23:55 +0000)
committerUtkarsh Gupta <utkarsh@debian.org>
Sun, 5 Dec 2021 23:55:44 +0000 (23:55 +0000)
commit521387c2d82fdc8e6079d98236fc4be569fb2aae
tree1c0beb125b953674e4c6c829b2a75105f0618a01tree | snapshot
parent4a43f3bf316265e37a004e4e49743f2d5f79af16commit | diff
parent02a0f5a59e34fc146389852a6688e7e34b0932a5commit | diff
ruby2.3 (2.3.3-1+deb9u11) stretch-security; urgency=high

  * Add length limit option for methods that parses
    date strings. (Fixes: CVE-2021-41817)
  * When parsing cookies, only decode the values.
    (Fixes: CVE-2021-41819)

[dgit import unpatched ruby2.3 2.3.3-1+deb9u11]
53 files changed:
debian/README.porting | | blob
debian/README.source | | blob
debian/TODO | | blob
debian/changelog | | blob
debian/compat | | blob
debian/control | | blob
debian/copyright | | blob
debian/deleted_on_clean.txt | | blob
debian/docs | | blob
debian/gbp.conf | | blob
debian/libruby.stp | | blob
debian/libruby2.3.install | | blob
debian/libruby2.3.lintian-overrides | | blob
debian/libruby2.3.symbols | | blob
debian/manpages/gem2.3.1 | | blob
debian/manpages/gem2.3.rd | | blob
debian/manpages/rdoc2.3.1 | | blob
debian/manpages/rdoc2.3.rd | | blob
debian/manpages/testrb2.3.1 | | blob
debian/manpages/testrb2.3.rd | | blob
debian/missing-sources/jquery.js | | blob
debian/newruby | | blob
debian/patches/CVE-2019-8320-25.patch | | blob
debian/patches/CVE-2020-10663.patch | | blob
debian/patches/CVE-2020-25613.patch | | blob
debian/patches/CVE-2021-31799.patch | | blob
debian/patches/CVE-2021-31810.patch | | blob
debian/patches/CVE-2021-32066.patch | | blob
debian/patches/CVE-2021-41817-followup.patch | | blob
debian/patches/CVE-2021-41817.patch | | blob
debian/patches/CVE-2021-41819.patch | | blob
debian/patches/Fix-for-wrong-fnmatch-patttern.patch | | blob
debian/patches/Loop-with-String-scan-without-creating-substrings.patch | | blob
debian/patches/WEBrick-prevent-response-splitting-and-header-inject.patch | | blob
debian/patches/debian-changes | | blob
debian/patches/lib-shell-command-processor.rb-Shell-prevent-unknown.patch | | blob
debian/patches/series | | blob
debian/quick-build.sh | | blob
debian/ruby2.3-dev.install | | blob
debian/ruby2.3.install | | blob
debian/ruby2.3.lintian-overrides | | blob
debian/ruby2.3.manpages | | blob
debian/rules | | blob
debian/sanity_check | | blob
debian/source/format | | blob
debian/split-tk-out.rb | | blob
debian/tests/bundled-gems | | blob
debian/tests/control | | blob
debian/tests/known-failures.txt | | blob
debian/tests/run-all | | blob
debian/upstream-changes | | blob
debian/upstream-changes.blacklist | | blob
debian/watch | | blob
Unnamed repository; edit this file 'description' to name the repository.