UbuntuUpdates.org

Package "libruby3.3"

Name: libruby3.3

Description:

Libraries necessary to run Ruby 3.3

Latest version: 3.3.4-2ubuntu5.1
Release: oracular (24.10)
Level: updates
Repository: main
Head package: ruby3.3
Homepage: https://www.ruby-lang.org/

Links


Download "libruby3.3"


Other versions of "libruby3.3" in Oracular

Repository Area Version
security main 3.3.4-2ubuntu5.1

Changelog

Version: 3.3.4-2ubuntu5.1 2024-11-05 07:06:56 UTC

  ruby3.3 (3.3.4-2ubuntu5.1) oracular-security; urgency=medium

  * SECURITY UPDATE: denial of service in REXML
    - debian/patches/CVE-2024-41946.patch: Add support for XML entity
      expansion limitation in SAX and pull parsers
    - debian/patches/CVE-2024-49761.patch: fix a bug that &#0x...; is
      accepted as a character reference
    - CVE-2024-41946
    - CVE-2024-49761

 -- Nishit Majithia <email address hidden> Fri, 25 Oct 2024 15:54:53 +0530

CVE-2024-41946 REXML is an XML toolkit for Ruby. The REXML gem 3.3.2 has a DoS vulnerability when it parses an XML that has many entity expansions with SAX2 or pull
CVE-2024-49761 REXML is an XML toolkit for Ruby. The REXML gem before 3.3.9 has a ReDoS vulnerability when it parses an XML that has many digits between &# and x...



About   -   Send Feedback to @ubuntu_updates