From: Raspbian automatic forward porter <root@raspbian.org>
Date: Wed, 13 Oct 2021 14:59:02 +0000 (+0100)
Subject: Merge version 2.3.3-1+deb9u9+rpi1 and 2.3.3-1+deb9u10 to produce 2.3.3-1+deb9u10... 
X-Git-Tag: archive/raspbian/2.3.3-1+deb9u10+rpi1^0
X-Git-Url: https://dgit.raspbian.org/?a=commitdiff_plain;h=67082cf2109188cd9d8ac520b388fda5fa619e12;p=ruby2.3.git

Merge version 2.3.3-1+deb9u9+rpi1 and 2.3.3-1+deb9u10 to produce 2.3.3-1+deb9u10+rpi1
---

67082cf2109188cd9d8ac520b388fda5fa619e12
diff --cc debian/changelog
index 20ce87d,251f4c9..ddffe83
--- a/debian/changelog
+++ b/debian/changelog
@@@ -1,9 -1,13 +1,20 @@@
- ruby2.3 (2.3.3-1+deb9u9+rpi1) stretch-staging; urgency=medium
++ruby2.3 (2.3.3-1+deb9u10+rpi1) stretch-staging; urgency=medium
 +
 +  [changes brought forward from 2.3.3-1+deb9u1+rpi1 by Peter Michael Green <plugwash@raspbian.org> at Sat, 21 Oct 2017 22:40:37 +0000]
 +  * Disable testsuite.
 +
-  -- Raspbian forward porter <root@raspbian.org>  Thu, 01 Oct 2020 22:03:49 +0000
++ -- Raspbian forward porter <root@raspbian.org>  Wed, 13 Oct 2021 14:59:02 +0000
++
+ ruby2.3 (2.3.3-1+deb9u10) stretch-security; urgency=high
+ 
+   * Add patch to use File.open to fix the OS Command
+     Injection vulnerability. (Fixes: CVE-2021-31799)
+   * Add patch to fix StartTLS stripping vulnerability.
+     (Fixes: CVE-2021-32066)
+   * Add patch to ignore IP addresses in PASV responses
+     by default. (Fixes: CVE-2021-31810)
+ 
+  -- Utkarsh Gupta <utkarsh@debian.org>  Sun, 19 Sep 2021 09:10:46 +0530
  
  ruby2.3 (2.3.3-1+deb9u9) stretch-security; urgency=high