[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

[SECURITY] [DLA 4018-2] ruby2.7 regression update



-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian LTS Advisory DLA-4018-2                debian-lts@lists.debian.org
https://www.debian.org/lts/security/                   Bastien Roucariès
February 11, 2025                             https://wiki.debian.org/LTS
- -------------------------------------------------------------------------

Package        : ruby2.7
Version        : 2.7.4-1+deb11u4

A regression was identified in rexml gem.

A corner case of XML namespace default namespace was not handled
correctly, and thus rexml failed to parse valid XML file.

For Debian 11 bullseye, this problem has been fixed in version
2.7.4-1+deb11u4.

We recommend that you upgrade your ruby2.7 packages.

For the detailed security status of ruby2.7 please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/ruby2.7

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS
-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEEXQGHuUCiRbrXsPVqADoaLapBCF8FAmerzXkACgkQADoaLapB
CF/pAg/+PjK+fPApxuW/HiFvkXBUCbg2beAxr4gOkDqVXKDwLlWQj0xyTLRF/pir
dO5jdmecTCVWB4otCIixNsKmwfwby0jz8QK8VogZSztc/ZMEKEh1oSK69S1EbRUe
RydQPnXQ179rlXeMkKqqm96jSFSNv8rKhENeNLNEWk3v7nSj49p0HEz1FwCb8wPb
jYK5CVdXBdY9zNs0TXmuxHV+PPnjBx2jJRfK/neMOJoO0Xh9uUf3ywEw24F9BbYT
zc3iyR/Wz8a8r+EFfhgrZCWbE9Bs6LYZZeFWzxrJRlTdsgW6hW0/XGVfG/6y9Rui
yU0uCVH3ANQs38SZmSZCm1DvTtm65KfmZI9mQu/8t5FXbGAoUcmqpXkJdLRmmKHK
p84TnLZvyDwwVAkxGWyteUFxpsM3rAvJ+IwB5wyfaXBn/98ewgf8RcbijFz7ICfB
C9FMgRpF2dX+dFxKY8iO+xQ8F0e/vxZOMnhq6T1Gjc38U7RIkUdrh34ArVtmTjPm
7Uxae4KZvezrayZXFxAi1g14Gl9gXRAyrgisD8nVNicpzSWwteWTBLDv7aeGd/lj
7TEZo3wNhHwZGJS6RKSSfWYFv9O6QT/jxSIUM06zIXJRwyzre0OXD9KgRuJgH5+H
lGfmkPs/HRfFkAovdR1LpIeyh7W0k75ngTvnFDVYgqHyaLxs6eM=
=0I1p
-----END PGP SIGNATURE-----


Reply to: