-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Format: 1.8 Date: Thu, 27 Jan 2022 21:16:13 +0530 Source: ruby2.7 Architecture: source Version: 2.7.4-1+deb11u1 Distribution: bullseye-security Urgency: high Maintainer: Debian Ruby Team <pkg-ruby-extras-maintainers@lists.alioth.debian.org> Changed-By: Utkarsh Gupta <utkarsh@debian.org> Closes: 1002995 Changes: ruby2.7 (2.7.4-1+deb11u1) bullseye-security; urgency=high . * Add length limit option for methods that parses date strings. (Fixes: CVE-2021-41817) * When parsing cookies, only decode the values. (Fixes: CVE-2021-41819) * Add patch to fix integer overflow. (Fixes: CVE-2021-41816) (Closes: #1002995) Checksums-Sha1: 871ef14fb9d227b05cfc622ac2350cc87819efea 2538 ruby2.7_2.7.4-1+deb11u1.dsc c3af416830ab3a87ca8b3fdc2b8fc99522baee39 10810480 ruby2.7_2.7.4.orig.tar.xz 40b5f9d71e5fbe7b785575f9dabe9f30e183c798 117148 ruby2.7_2.7.4-1+deb11u1.debian.tar.xz 34b4a2ea6307549b38d17e21a3ce0d17fd3f6919 6538 ruby2.7_2.7.4-1+deb11u1_source.buildinfo Checksums-Sha256: 4caad4963907b583fc23dedcf7aa13a390968a7a1ece49f433520374c027d8e0 2538 ruby2.7_2.7.4-1+deb11u1.dsc a42c6089f82d9ab8dad2e72ba5b318f4177ff7bb17a584ae3834521e4f43c9b5 10810480 ruby2.7_2.7.4.orig.tar.xz 083cac247e2427eeb6be84a23938afc087f99abd21140fe9dba6a464a6f8f2c2 117148 ruby2.7_2.7.4-1+deb11u1.debian.tar.xz 9672dc284b6bed0a7052f7533a60639a1cd03f46c395122d70057651b1753fc9 6538 ruby2.7_2.7.4-1+deb11u1_source.buildinfo Files: da9d3f0d512c9315f7b3b7e9d4379244 2538 ruby optional ruby2.7_2.7.4-1+deb11u1.dsc a66187d2e06edf92b45b03a840ba6570 10810480 ruby optional ruby2.7_2.7.4.orig.tar.xz 3473e8057489d791b8a4af11a7606d50 117148 ruby optional ruby2.7_2.7.4-1+deb11u1.debian.tar.xz 098f47c3765e2b1b80dd3fcb63ce4df7 6538 ruby optional ruby2.7_2.7.4-1+deb11u1_source.buildinfo -----BEGIN PGP SIGNATURE----- iQJHBAEBCAAxFiEEbJ0QSEqa5Mw4X3xxgj6WdgbDS5YFAmH5ZUMTHHV0a2Fyc2hA ZGViaWFuLm9yZwAKCRCCPpZ2BsNLlioDEACLl1SZv3zuvG/wb2uWGn268+FplI97 T3sE5mLzrYEga/K6X3rKJhJWXZxOofxpktFCy2hVHWQuLOtKsLh4cjswCnz+15CN 0TqDTglP4pN6Nbift77YdoFxx5ci/Aed0QwFRrlQjygsbw4dMJLKt8uyAuKTURr2 qNg52eu0DUQPjn2JTStf7vadlkafvAgCIgwfrKefyxxXd5TefJyxqyvJtw6CHRYR +N3oN0JkpG54ChwlZQ+2yWO80ogRl4XuyP//eJ70S5/seK/oV64O/YuKedqvcICV CLyGg3hQEHWM97NqxdnDI8BTrvR1Kx2MyKioe82auPFsfWwLmN6xscOtU331yHlq 0cbPliQMwOavgtGu4RZfiSQ8An4OnijSHOduS5FqBGnf+MQBtpW9yL1SYpYKTtD7 esLAVwXWNyv9BnEsR/9ySGj0cCQMFqutdYFv/t/TABZQMtAX6YfL5heRoQxB6V6u doA2b5pkZaZ+Y6cEGR+QJwy9GTWa06MSI7sS98sYEnZPVB+phRWwZg5piTP0nq4X 80SHaKaJPoolR7afVzFeEP7m3x204ZSdNjzXriOLK79qxF+M6SzbV57CsJGMHGMa 8Gb33xPR4r42ss6scvDHYl4aTW5+/w0F4fFwS7h4ZvREMHPyK9PtZDNBAEugIUet 6WyrPc3cuaZNbA== =ldkR -----END PGP SIGNATURE-----