-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 - ------------------------------------------------------------------------- Debian Security Advisory DSA-5066-1 security@debian.org https://www.debian.org/security/ Moritz Muehlenhoff February 03, 2022 https://www.debian.org/security/faq - ------------------------------------------------------------------------- Package : ruby2.5 CVE ID : CVE-2021-28965 CVE-2021-31799 CVE-2021-31810 CVE-2021-41817 CVE-2021-41819 CVE-2021-32066 Several vulnerabilities have been discovered in the interpreter for the Ruby language and the Rubygems included, which may result on result in XML roundtrip attacks, the execution of arbitrary code, information disclosure, StartTLS stripping in IMAP or denial of service. For the oldstable distribution (buster), these problems have been fixed in version 2.5.5-3+deb10u4. We recommend that you upgrade your ruby2.5 packages. For the detailed security status of ruby2.5 please refer to its security tracker page at: https://security-tracker.debian.org/tracker/ruby2.5 Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/ Mailing list: debian-security-announce@lists.debian.org -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEEtuYvPRKsOElcDakFEMKTtsN8TjYFAmH8KnkACgkQEMKTtsN8 TjbjRQ//fxv67xTROanUJfCRvAX1xWjQufJCKgs+hto3kvSdm/ONMVQNXqk4PxeH Rm3lYbjz9b4Phc2jLUcO56AHX8eAY+ukiSg5Vy/gNxzGo8jgciIqSs2UpJO8CYW3 EIqKGf2uM7CgTh8ufjqtC1udxoD2TYyw1EkFwFHYYVmIlKNXW8ZBU6AdBCvz6hn5 MyiBjtf8DHXTP43SjEmDA9tRC4cQiKXkrcDdcGqyuesUUgX3y/u5Le1y2KdMhsnW jv9X75YFcHHIrgT3zHKv5hPeLk0EpkD/llEiWyQzXe3YgAd7u6pe37m7HR51YlNR +36gV0g0zHoOA5ODsPqDEBwDQl97Y/6R7rGCYgZ13b0zBNURUWSRIhrvEpgJoVoC lEnGcq9B67oldYVi8cpfQ07rBjbRLPNmiVFZytG/V1/kXrM6HTYLha5/hj8s4NXA N3P4eBmZAANzQRoKDB94ItghbzdfZb2OlH+3LICJikVsAwWjA0vxgCO9MHrX6Amn n8+9Hgly+n2RZuCKu1gaOeORrESNNUj9CzUEXTUpoOStSbEdGSkjW2gMkTf1QhlL 1X4J6tCm7Gl9dmwSinIFRlCcnLcJb6fTUSwvPMWAuy2rVSvfbGlWuq0xT5txMP8x b8p3aXahA1elN1Y253UzBvcnaJS0EigTgJZz2loUoV4GyEWD624= =GDTs -----END PGP SIGNATURE-----