[SECURITY] [DLA 3303-1] ruby-git security update

To: debian-lts-announce@lists.debian.org
Subject: [SECURITY] [DLA 3303-1] ruby-git security update
From: Utkarsh Gupta <guptautkarsh2102@gmail.com>
Date: Tue, 31 Jan 2023 04:03:35 +0530
Message-id: <[🔎] CAPP0f96PZvoaMzpyN=5+ijcjnZcX7POOd+MQf8XrMs+ncSzOBw@mail.gmail.com>
Mail-followup-to: debian-lts@lists.debian.org
Reply-to: debian-lts@lists.debian.org

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

- -----------------------------------------------------------------------
Debian LTS Advisory DLA-3303-1              debian-lts@lists.debian.org
https://www.debian.org/lts/security/                      Utkarsh Gupta
January 31, 2023                            https://wiki.debian.org/LTS
- -----------------------------------------------------------------------

Package        : ruby-git
Version        : 1.2.8-1+deb10u1
CVE ID         : CVE-2022-25648 CVE-2022-46648 CVE-2022-47318
Debian Bug     : 1009926

A couple of vulnerabilities were reported against ruby-git, a Ruby
interface to the Git revision control system, that could lead to a
command injection and execution of an arbitrary ruby code by having
a user to load a repository containing a specially crafted filename
to the product.

For Debian 10 buster, these problems have been fixed in version
1.2.8-1+deb10u1.

We recommend that you upgrade your ruby-git packages.

For the detailed security status of ruby-git please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/ruby-git

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS
-----BEGIN PGP SIGNATURE-----

iQIzBAEBCAAdFiEEbJ0QSEqa5Mw4X3xxgj6WdgbDS5YFAmPYRZwACgkQgj6WdgbD
S5YUGQ/+PkeeE9jqGgMdiea0rNSXXF0HMdu8hEjqCPNlB9x3imjf7YStlGfdZ48c
aYFLfAh8LiQXuKnfs8ZLhQgsCfMj7DHoZ8HLvQW4Oe6HSeQ5IoTfu8nBI65umQ1p
eoNszLVUNwOIzF+Un1flanGxwV5FlS+U1/lS+RLfJBV3RAHy7UPwWrdXd4d/jEw3
hlDTn7FZcdWADVvVDqXfsWjQBNUpULW8tSWw4mk7FxjUfnffxgGPN6hjZEn8wFpO
q1j+90ndPi/dDu5zRPP7gFYhGj328/+DvQZyJDTaPemHoGTzQuEBJJN/wv0BOd5R
pQYCp7WMoQC3AQLdx7QmGT1Y1opfR0QHZs+yhNgCrkSsrYWuY+RQNhpgWpbC5QRc
Kc1E/02UOhvY5864xL8njjS78udrw7XL++XAn9zgA/ftWLl0k9iprG3yEZL05CKC
tsLEiPfWdpS29Ffz0rYea2K1LOBEysKnYQxkfASai1USIGBdjckVrdkSatnpz3Hc
+kzMjc09d8DHqKu38NRlRBn9epX8oIMja1UO0n95Bgh5J30+X7FD22W8O+b1b3oa
g5X/W63H7PHyL33QWpAKoMY7nQzM25CS8/Iipkn+Pp5CN3Cdir4zbNnDgV2SYPkr
nX1GOqTcwvjtw9PEcGKLxz4dsPQ7QErY9mww3r5q85RGpciLqko=
=DgpZ
-----END PGP SIGNATURE-----

Reply to:

Prev by Date: [SECURITY] [DLA 3302-1] nova security update
Next by Date: [SECURITY] [DLA 3304-1] fig2dev security update
Previous by thread: [SECURITY] [DLA 3302-1] nova security update
Next by thread: [SECURITY] [DLA 3304-1] fig2dev security update
Index(es):
- Date
- Thread