enterprise-support team mailing list archive

[Launchpad Bug Tracker <2083480@xxxxxxxxxxxxxxxxxx>]

This bug was fixed in the package ruby3.2 - 3.2.3-1ubuntu0.24.04.3

---------------
ruby3.2 (3.2.3-1ubuntu0.24.04.3) noble-security; urgency=medium

  * SECURITY UPDATE: denial of service in REXML
    - debian/patches/CVE-2024-35176_39908_41123.patch: Read quoted
      attributes in chunks
    - debian/patches/CVE-2024-41946.patch: Add support for XML entity
      expansion limitation in SAX and pull parsers
    - debian/patches/CVE-2024-49761.patch: fix a bug that &#0x...; is
      accepted as a character reference
    - CVE-2024-35176
    - CVE-2024-39908
    - CVE-2024-41123
    - CVE-2024-41946
    - CVE-2024-49761

 -- Nishit Majithia <nishit.majithia@xxxxxxxxxxxxx>  Fri, 25 Oct 2024
14:06:35 +0530

** Changed in: ruby3.2 (Ubuntu Noble)
       Status: Fix Committed => Fix Released

** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2024-35176

** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2024-39908

** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2024-41123

** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2024-41946

** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2024-49761

-- 
You received this bug notification because you are a member of Ubuntu
Server/Client Support Team, which is subscribed to krb5 in Ubuntu.
Matching subscriptions: Ubuntu Server/Client Support Team, Ubuntu Server/Client Support Team, Ubuntu Server/Client Support Team
https://bugs.launchpad.net/bugs/2083480

Title:
  SRU: no-change rebuild to pick up changed build flags on ppc64el and
  s390x

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/acl/+bug/2083480/+subscriptions