Re: [SECURITY] [DLA 3077-1] ruby-tzinfo security update

To: debian-lts@lists.debian.org, Chris Lamb <lamby@debian.org>
Subject: Re: [SECURITY] [DLA 3077-1] ruby-tzinfo security update
From: Emilio Pozuelo Monfort <pochu@debian.org>
Date: Fri, 19 Aug 2022 09:27:32 +0200
Message-id: <[🔎] 9b67da20-8b0e-9ec9-db75-3d4e38867aa5@debian.org>
In-reply-to: <166084476222.860718.9467480854233504767@copycat>
References: <166084476222.860718.9467480854233504767@copycat>

Hi Chris,

On 18/08/2022 19:46, Chris Lamb wrote:

-------------------------------------------------------------------------
Debian LTS Advisory DLA-3077-1                debian-lts@lists.debian.org
https://www.debian.org/lts/security/                           Chris Lamb
August 18, 2022                               https://wiki.debian.org/LTS
-------------------------------------------------------------------------

Package        : ruby-tzinfo
Version        : 1.2.5-1+deb10u1
CVE ID         : CVE-2022-31163

It was discovered that there was a potential directory traversal
vulnerablilty in ruby-tzinfo, a timezone library for the Ruby
programming language.

For Debian 10 "Buster", this problem has been fixed in version
1.2.5-1+deb10u1.

Could you please use the same template as everyone else? Not just forconsistency, but also to avoid breaking scripts that work on the announcements.


Thanks,
Emilio

Reply to:

Follow-Ups:
- Re: [SECURITY] [DLA 3077-1] ruby-tzinfo security update
  - From: "Chris Lamb" <lamby@debian.org>

Prev by Date: Re: [SECURITY] [DLA 3075-1] schroot security update
Next by Date: Re: [SECURITY] [DLA 3077-1] ruby-tzinfo security update
Previous by thread: Re: [SECURITY] [DLA 3075-1] schroot security update
Next by thread: Re: [SECURITY] [DLA 3077-1] ruby-tzinfo security update
Index(es):
- Date
- Thread