[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: [SECURITY] [DLA 3077-1] ruby-tzinfo security update

Hi Emilio,

> Could you please use the same template as everyone else? Not just for 
> consistency, but also to avoid breaking scripts that work on the announcements.

Very happy to! But it very much looks like I'm using the same format that
is generated in, for example, ./DLA-3077-1 within the security-tracker Git
working tree. What am I missing?

// Chris


>> -------------------------------------------------------------------------
>> Debian LTS Advisory DLA-3077-1                debian-lts@lists.debian.org
>> https://www.debian.org/lts/security/                           Chris Lamb
>> August 18, 2022                               https://wiki.debian.org/LTS
>> -------------------------------------------------------------------------
>> 
>> Package        : ruby-tzinfo
>> Version        : 1.2.5-1+deb10u1
>> CVE ID         : CVE-2022-31163
>> 
>> It was discovered that there was a potential directory traversal
>> vulnerablilty in ruby-tzinfo, a timezone library for the Ruby
>> programming language.
>> 
>> For Debian 10 "Buster", this problem has been fixed in version
>> 1.2.5-1+deb10u1.

-- 
      ,''`.
     : :'  :     Chris Lamb
     `. `'`      lamby@debian.org 🍥 chris-lamb.co.uk
       `-
Reply to: