-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Format: 1.8 Date: Mon, 06 Dec 2021 05:25:44 +0530 Source: ruby2.3 Architecture: source Version: 2.3.3-1+deb9u11 Distribution: stretch-security Urgency: high Maintainer: Antonio Terceiro <terceiro@debian.org> Changed-By: Utkarsh Gupta <utkarsh@debian.org> Changes: ruby2.3 (2.3.3-1+deb9u11) stretch-security; urgency=high . * Add length limit option for methods that parses date strings. (Fixes: CVE-2021-41817) * When parsing cookies, only decode the values. (Fixes: CVE-2021-41819) Checksums-Sha1: 276c9cee065a324cfefb53b7f2df0848b72db320 2536 ruby2.3_2.3.3-1+deb9u11.dsc f47b1a3beb1dee13355a3d5e6f23ee7e03428e8b 8359724 ruby2.3_2.3.3.orig.tar.xz cd3b708e33fb302089803b0f521ba45c920ca23c 134404 ruby2.3_2.3.3-1+deb9u11.debian.tar.xz c16184d0271be2a17f8fe3742f43eafe31fe2a1f 6881 ruby2.3_2.3.3-1+deb9u11_source.buildinfo Checksums-Sha256: 899ecdfd059aba51c8f4252c8f036bbac86e7cfd24eb02a55064e5e745c83460 2536 ruby2.3_2.3.3-1+deb9u11.dsc 799796bb740832c7257f45089fdbd9cd57686cac033f88d0b078063b6d3d77ad 8359724 ruby2.3_2.3.3.orig.tar.xz 6aca7ccd263668db2bb3d82b0469a422fc0fe033ba71600eb7120cba0a6f4548 134404 ruby2.3_2.3.3-1+deb9u11.debian.tar.xz 36dae66912bf652edb22d727b14b54f42c15b617d5d31d1a0475ea861ff3320f 6881 ruby2.3_2.3.3-1+deb9u11_source.buildinfo Files: 342d4931ea957fdf26205d29c5588357 2536 ruby optional ruby2.3_2.3.3-1+deb9u11.dsc c331a69a24e5ed52d7ccecf08e4ed5e8 8359724 ruby optional ruby2.3_2.3.3.orig.tar.xz 40abc23e3db56f734f20e0b2b142b668 134404 ruby optional ruby2.3_2.3.3-1+deb9u11.debian.tar.xz 8e2ca76e6e7d427918c2d08356d0d858 6881 ruby optional ruby2.3_2.3.3-1+deb9u11_source.buildinfo -----BEGIN PGP SIGNATURE----- iQJHBAEBCAAxFiEEbJ0QSEqa5Mw4X3xxgj6WdgbDS5YFAmHJBlQTHHV0a2Fyc2hA ZGViaWFuLm9yZwAKCRCCPpZ2BsNLlui7D/9Ze8Mr04PiqXw353m3UaEc2wy8uns0 syYUMT7sfNh2fnrEEVwP7T5g5h8DgphEeXpQkj9tUCfAGRcNYOv+MCnp2Nqu0d6y UfYl/l5XQNOD0xJW0sHuCvvPiMhPVObchQlpaY4ONNZcpZ3kFDxbVVFwHqsezDuo 1iHHpANYYvo/bH5PnRmQeG0EpcOiHU8dCLzIXgjKFpiTQBigzcCk++UoHU51uReq MN13ebp6Es6NyxeBOwNzH7gDjBoGDJUwQEQrZr3BfHCZ7N/9u9kWbE6Xh8i+NLwr vUdBHcUlC8Y3JYk18MUQXpXRI9cAX7ccUY+U+A340p7lFzmalU4iTCfRUmLPQmis aozMhNa/kwrDc/krtkLWWePjd2lwvoBdPlZz+5ujo8mxS7hN6CDUvyuC1DXKeNKK FJ1d4vXqYk1QYKoPLUG57Z2hTOtnkCTQ1x1sYl4Jk8MKf9I0/g3PFWFI2hxXqdce DcvBlL9Mz5lra424Pe/SPvhRsYUsBaCsxEYsuJp0rSey0nHgaPhI9S5QHxGbA2i/ PtQ0vW2OqaRMYdGr+WpXYtDFiC7IEpouh7tP3e46XRG0rskhZiqGfx4uZbPnlEXE qrTbt+ko9dxpxmMBp6sdHhYBqnHW0j+JMfABE8ah+9Me+Y/ps3BoOLqTwrLIgglN u9udjgbsvu0uiw== =eAna -----END PGP SIGNATURE-----