Le mardi 11 février 2025, 13:10:13 UTC Lucas Kanashiro a écrit : Ok and ELTS 2.5 is also affected I suppose..;
Will do Bastien > Hi, > > A regression in the latest ruby2.7 update was found by a Ubuntu user and > reported here: > > https://bugs.launchpad.net/ubuntu/+source/ruby2.7/+bug/2097527 > > Since we addressed the same CVEs in our latest update, I tried to > reproduce this with it, and we are also impacted: > > (bullseye-amd64-sbuild)root@atena:~# dpkg -l | grep ruby2.7 > ii libruby2.7:amd64 2.7.4-1+deb11u3 amd64 Libraries > necessary to run Ruby 2.7 > ii ruby2.7 2.7.4-1+deb11u3 amd64 Interpreter > of object-oriented scripting language Ruby > (bullseye-amd64-sbuild)root@atena:~# ruby -r rexml/document -e > 'REXML::Document.new(%(<?xml version="1.0"?><html > xmlns="http://www.w3.org/1999/xhtml"; xml:lang="ja" lang="ja"></html>))' > Traceback (most recent call last): > 7: from -e:1:in `<main>' > 6: from -e:1:in `new' > 5: from /usr/lib/ruby/2.7.0/rexml/document.rb:45:in `initialize' > 4: from /usr/lib/ruby/2.7.0/rexml/document.rb:288:in `build' > 3: from /usr/lib/ruby/2.7.0/rexml/parsers/treeparser.rb:23:in `parse' > 2: from /usr/lib/ruby/2.7.0/rexml/parsers/baseparser.rb:209:in `pull' > 1: from /usr/lib/ruby/2.7.0/rexml/parsers/baseparser.rb:432:in > `pull_event' > /usr/lib/ruby/2.7.0/rexml/parsers/baseparser.rb:748:in > `parse_attributes': Namespace conflict in adding attribute "lang": > Prefix "xml" = "" and prefix "" = "" (REXML::ParseException) > Line: 1 > Position: 88 > Last 80 unconsumed characters: > > > > The fix for the above seems straightforward. This is the patch applied > by Ubuntu: > > https://pastebin.ubuntu.com/p/VCvB6DrHnm/ > <https://pastebin.ubuntu.com/p/VCvB6DrHnm/> > > Bastien, I'd like to know if you want to follow-up on that since you > released this DLA. Otherwise, I can release the fix for this regression. > > Cheers > >
signature.asc
Description: This is a digitally signed message part.
