From: Raspbian automatic forward porter <root@raspbian.org>
Date: Mon, 27 Dec 2021 09:34:42 +0000 (+0000)
Subject: Merge version 2.3.3-1+deb9u10+rpi1 and 2.3.3-1+deb9u11 to produce 2.3.3-1+deb9u11... 
X-Git-Tag: archive/raspbian/2.3.3-1+deb9u11+rpi1
X-Git-Url: https://dgit.raspbian.org/?a=commitdiff_plain;h=e5f2eadc188a7ef9a2c3f963087e51937a11fada;p=ruby2.3.git

Merge version 2.3.3-1+deb9u10+rpi1 and 2.3.3-1+deb9u11 to produce 2.3.3-1+deb9u11+rpi1
---

f3e8f4bb29cd6e37ce705d5e3a33415b33067b73
diff --cc debian/changelog
index ddffe83,a5a14c8..c5ec87d
--- a/debian/changelog
+++ b/debian/changelog
@@@ -1,9 -1,11 +1,18 @@@
- ruby2.3 (2.3.3-1+deb9u10+rpi1) stretch-staging; urgency=medium
++ruby2.3 (2.3.3-1+deb9u11+rpi1) stretch-staging; urgency=medium
 +
 +  [changes brought forward from 2.3.3-1+deb9u1+rpi1 by Peter Michael Green <plugwash@raspbian.org> at Sat, 21 Oct 2017 22:40:37 +0000]
 +  * Disable testsuite.
 +
-  -- Raspbian forward porter <root@raspbian.org>  Wed, 13 Oct 2021 14:59:02 +0000
++ -- Raspbian forward porter <root@raspbian.org>  Mon, 27 Dec 2021 09:34:42 +0000
++
+ ruby2.3 (2.3.3-1+deb9u11) stretch-security; urgency=high
+ 
+   * Add length limit option for methods that parses
+     date strings. (Fixes: CVE-2021-41817)
+   * When parsing cookies, only decode the values.
+     (Fixes: CVE-2021-41819)
+ 
+  -- Utkarsh Gupta <utkarsh@debian.org>  Mon, 06 Dec 2021 05:25:44 +0530
  
  ruby2.3 (2.3.3-1+deb9u10) stretch-security; urgency=high