This repository has been archived by the owner on Oct 10, 2023. It is now read-only.
0.272.0
cf-buildpacks-eng
released this
18 Jan 21:13
·
98 commits
to main
since this release
Notably, this release addresses:
USN-5235-1 USN-5235-1: Ruby vulnerabilities:
- CVE-2021-41816: [Buffer Overrun in CGI.escape_html]
- CVE-2021-41817: Date.parse in the date gem through 3.2.0 for Ruby allows ReDoS (regular expression Denial of Service) via a long string. The fixed versions are 3.2.1, 3.1.2, 3.0.2, and 2.0.1.
- CVE-2021-41819: CGI::Cookie.parse in Ruby through 2.6.8 mishandles security prefixes in cookie names. This also affects the CGI gem through 0.3.0 for Ruby.
- CVE-2021-41816: [Buffer Overrun in CGI.escape_html]
- CVE-2021-41819: CGI::Cookie.parse in Ruby through 2.6.8 mishandles security prefixes in cookie names. This also affects the CGI gem through 0.3.0 for Ruby.
- CVE-2021-41817: Date.parse in the date gem through 3.2.0 for Ruby allows ReDoS (regular expression Denial of Service) via a long string. The fixed versions are 3.2.1, 3.1.2, 3.0.2, and 2.0.1.
-ii libruby2.5:amd64 2.5.1-1ubuntu1.10 amd64 Libraries necessary to run Ruby 2.5
+ii libruby2.5:amd64 2.5.1-1ubuntu1.11 amd64 Libraries necessary to run Ruby 2.5
-ii libsystemd0:amd64 237-3ubuntu10.52 amd64 systemd utility library
+ii libsystemd0:amd64 237-3ubuntu10.53 amd64 systemd utility library
-ii libudev1:amd64 237-3ubuntu10.52 amd64 libudev shared library
+ii libudev1:amd64 237-3ubuntu10.53 amd64 libudev shared library
-ii linux-libc-dev:amd64 4.15.0-163.171 amd64 Linux Kernel Headers for development
+ii linux-libc-dev:amd64 4.15.0-166.174 amd64 Linux Kernel Headers for development
-ii ruby2.5 2.5.1-1ubuntu1.10 amd64 Interpreter of object-oriented scripting language Ruby
+ii ruby2.5 2.5.1-1ubuntu1.11 amd64 Interpreter of object-oriented scripting language Ruby
-ii systemd 237-3ubuntu10.52 amd64 system and service manager
-ii systemd-sysv 237-3ubuntu10.52 amd64 system and service manager - SysV links
+ii systemd 237-3ubuntu10.53 amd64 system and service manager
+ii systemd-sysv 237-3ubuntu10.53 amd64 system and service manager - SysV links
-ii ubuntu-advantage-tools 27.4.2~18.04.1 amd64 management tools for Ubuntu Advantage
+ii ubuntu-advantage-tools 27.5~18.04.1 amd64 management tools for Ubuntu Advantage
-ii udev 237-3ubuntu10.52 amd64 /dev/ and hotplug management daemon
+ii udev 237-3ubuntu10.53 amd64 /dev/ and hotplug management daemon