[SECURITY] [DLA 3077-1] ruby-tzinfo security update

To: debian-lts-announce@lists.debian.org
Subject: [SECURITY] [DLA 3077-1] ruby-tzinfo security update
From: "Chris Lamb" <lamby@debian.org>
Date: Thu, 18 Aug 2022 13:46:26 -0400 (EDT)
Message-id: <[🔎] 166084476222.860718.9467480854233504767@copycat>
Mail-followup-to: debian-lts@lists.debian.org
Reply-to: debian-lts@lists.debian.org

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

- -------------------------------------------------------------------------
Debian LTS Advisory DLA-3077-1                debian-lts@lists.debian.org
https://www.debian.org/lts/security/                           Chris Lamb
August 18, 2022                               https://wiki.debian.org/LTS
- -------------------------------------------------------------------------

Package        : ruby-tzinfo
Version        : 1.2.5-1+deb10u1
CVE ID         : CVE-2022-31163

It was discovered that there was a potential directory traversal
vulnerablilty in ruby-tzinfo, a timezone library for the Ruby
programming language.

For Debian 10 "Buster", this problem has been fixed in version
1.2.5-1+deb10u1.

We recommend that you upgrade your ruby-tzinfo packages.

For the detailed security status of ruby-tzinfo please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/ruby-tzinfo

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCAAdFiEEwv5L0nHBObhsUz5GHpU+J9QxHlgFAmL+etgACgkQHpU+J9Qx
HljDEg/+LjvW6LY/EImY/bLQF0Fez2A7Wgn5Y/hhSS8A7ibbqGVChS6NQ5FYBQie
7+/1og01DsLc/z/J0HkKhTL+6jrRCowKuKj3xUdnbvpd7HeeGE0jCgekG7cr/DE2
O61dFYy+XXWWkS3abO8l9wGskzVf5lyN6zXlNMewIt//8awqsY17mbkdEM/mN+uo
SL+200+I1kWkWJFZTV5d6xJeDNQZFiQiOElzG8eFsgds15AERM7xbRzi0hPayu3h
0ICMt87nsGsJeRxKuzqI9Anm/qRb+zagqsO8D2k6TH/7jto1O6fAanOOKhetFHB5
itc4DW4YOm48HutGtEcBYwtv7rDk7PL7bMA53TIgQihccVVE2Ywg3fR1x2jXXiMj
/XTw+a/rPZoXDxD3V+z4hrdYoXBmWgWzCWYCV+39s+46q0JtXMv4e6c1Th4zeSx6
gtNJ954qzL5/1aN1ImzEUJ3EAbTf/qetR0M1+DYVcXz7c4RlPGbdIJbGOuL+lbyM
q17FMXcHlpTrj7ez1+7qqDZuKSlepf7lMLXSSNGNJEPcZUdwekS+3KeOtukiiLty
b8BMrKmTEl6UUn5Y9z6mdkmBR45+wWeVwOo8cDZ61TtBGCr9xZnSNK8S1P/YGFCR
oGqJOfqp4cZzFKfUhgQCQgzKKS1/wbicun5d9X8snWtwiHps7yE=
=QzF7
-----END PGP SIGNATURE-----

Reply to:

Prev by Date: [SECURITY] [DLA 3076-1] freecad security update
Next by Date: [SECURITY] [DLA 3078-1] kicad security update
Previous by thread: [SECURITY] [DLA 3076-1] freecad security update
Next by thread: [SECURITY] [DLA 3078-1] kicad security update
Index(es):
- Date
- Thread