Unsubscribe On Mon, 30 Jan 2023 at 22:34, Utkarsh Gupta <guptautkarsh2...@gmail.com> wrote:
> -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA256 > > - ----------------------------------------------------------------------- > Debian LTS Advisory DLA-3303-1 debian-lts@lists.debian.org > https://www.debian.org/lts/security/ Utkarsh Gupta > January 31, 2023 https://wiki.debian.org/LTS > - ----------------------------------------------------------------------- > > Package : ruby-git > Version : 1.2.8-1+deb10u1 > CVE ID : CVE-2022-25648 CVE-2022-46648 CVE-2022-47318 > Debian Bug : 1009926 > > A couple of vulnerabilities were reported against ruby-git, a Ruby > interface to the Git revision control system, that could lead to a > command injection and execution of an arbitrary ruby code by having > a user to load a repository containing a specially crafted filename > to the product. > > For Debian 10 buster, these problems have been fixed in version > 1.2.8-1+deb10u1. > > We recommend that you upgrade your ruby-git packages. > > For the detailed security status of ruby-git please refer to > its security tracker page at: > https://security-tracker.debian.org/tracker/ruby-git > > Further information about Debian LTS security advisories, how to apply > these updates to your system and frequently asked questions can be > found at: https://wiki.debian.org/LTS > -----BEGIN PGP SIGNATURE----- > > iQIzBAEBCAAdFiEEbJ0QSEqa5Mw4X3xxgj6WdgbDS5YFAmPYRZwACgkQgj6WdgbD > S5YUGQ/+PkeeE9jqGgMdiea0rNSXXF0HMdu8hEjqCPNlB9x3imjf7YStlGfdZ48c > aYFLfAh8LiQXuKnfs8ZLhQgsCfMj7DHoZ8HLvQW4Oe6HSeQ5IoTfu8nBI65umQ1p > eoNszLVUNwOIzF+Un1flanGxwV5FlS+U1/lS+RLfJBV3RAHy7UPwWrdXd4d/jEw3 > hlDTn7FZcdWADVvVDqXfsWjQBNUpULW8tSWw4mk7FxjUfnffxgGPN6hjZEn8wFpO > q1j+90ndPi/dDu5zRPP7gFYhGj328/+DvQZyJDTaPemHoGTzQuEBJJN/wv0BOd5R > pQYCp7WMoQC3AQLdx7QmGT1Y1opfR0QHZs+yhNgCrkSsrYWuY+RQNhpgWpbC5QRc > Kc1E/02UOhvY5864xL8njjS78udrw7XL++XAn9zgA/ftWLl0k9iprG3yEZL05CKC > tsLEiPfWdpS29Ffz0rYea2K1LOBEysKnYQxkfASai1USIGBdjckVrdkSatnpz3Hc > +kzMjc09d8DHqKu38NRlRBn9epX8oIMja1UO0n95Bgh5J30+X7FD22W8O+b1b3oa > g5X/W63H7PHyL33QWpAKoMY7nQzM25CS8/Iipkn+Pp5CN3Cdir4zbNnDgV2SYPkr > nX1GOqTcwvjtw9PEcGKLxz4dsPQ7QErY9mww3r5q85RGpciLqko= > =DgpZ > -----END PGP SIGNATURE----- > >
