This bug was fixed in the package ruby3.2 - 3.2.3-1ubuntu0.24.04.3
---------------
ruby3.2 (3.2.3-1ubuntu0.24.04.3) noble-security; urgency=medium
* SECURITY UPDATE: denial of service in REXML
- debian/patches/CVE-2024-35176_39908_41123.patch: Read quoted
attributes in chunks
- debian/patches/CVE-2024-41946.patch: Add support for XML entity
expansion limitation in SAX and pull parsers
- debian/patches/CVE-2024-49761.patch: fix a bug that �x...; is
accepted as a character reference
- CVE-2024-35176
- CVE-2024-39908
- CVE-2024-41123
- CVE-2024-41946
- CVE-2024-49761
-- Nishit Majithia <nishit.majit...@canonical.com> Fri, 25 Oct 2024
14:06:35 +0530
** Changed in: ruby3.2 (Ubuntu Noble)
Status: Fix Committed => Fix Released
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2024-35176
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2024-39908
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2024-41123
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2024-41946
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2024-49761
--
You received this bug notification because you are a member of Ubuntu
Desktop Bugs, which is subscribed to libselinux in Ubuntu.
https://bugs.launchpad.net/bugs/2083480
Title:
SRU: no-change rebuild to pick up changed build flags on ppc64el and
s390x
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/acl/+bug/2083480/+subscriptions
--
desktop-bugs mailing list
desktop-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/desktop-bugs
