This repository has been archived by the owner on Oct 10, 2023. It is now read-only.

0.272.0

@cf-buildpacks-eng cf-buildpacks-eng released this 18 Jan 21:13
· 98 commits to main since this release

Notably, this release addresses:

USN-5235-1: Ruby vulnerabilities:

  • CVE-2021-41816: Buffer Overrun in CGI.escape_html
  • CVE-2021-41817: Date.parse in the date gem through 3.2.0 for Ruby allows ReDoS (regular expression Denial of Service) via a long string. The fixed versions are 3.2.1, 3.1.2, 3.0.2, and 2.0.1.
  • CVE-2021-41819: CGI::Cookie.parse in Ruby through 2.6.8 mishandles security prefixes in cookie names. This also affects the CGI gem through 0.3.0 for Ruby.
-ii  libruby2.5:amd64       2.5.1-1ubuntu1.10 amd64  Libraries necessary to run Ruby 2.5
+ii  libruby2.5:amd64       2.5.1-1ubuntu1.11 amd64  Libraries necessary to run Ruby 2.5
-ii  libsystemd0:amd64      237-3ubuntu10.52  amd64  systemd utility library
+ii  libsystemd0:amd64      237-3ubuntu10.53  amd64  systemd utility library
-ii  libudev1:amd64         237-3ubuntu10.52  amd64  libudev shared library
+ii  libudev1:amd64         237-3ubuntu10.53  amd64  libudev shared library
-ii  linux-libc-dev:amd64   4.15.0-163.171    amd64  Linux Kernel Headers for development
+ii  linux-libc-dev:amd64   4.15.0-166.174    amd64  Linux Kernel Headers for development
-ii  ruby2.5                2.5.1-1ubuntu1.10 amd64  Interpreter of object-oriented scripting language Ruby
+ii  ruby2.5                2.5.1-1ubuntu1.11 amd64  Interpreter of object-oriented scripting language Ruby
-ii  systemd                237-3ubuntu10.52  amd64  system and service manager
-ii  systemd-sysv           237-3ubuntu10.52  amd64  system and service manager - SysV links
+ii  systemd                237-3ubuntu10.53  amd64  system and service manager
+ii  systemd-sysv           237-3ubuntu10.53  amd64  system and service manager - SysV links
-ii  ubuntu-advantage-tools 27.4.2~18.04.1    amd64  management tools for Ubuntu Advantage
+ii  ubuntu-advantage-tools 27.5~18.04.1      amd64  management tools for Ubuntu Advantage
-ii  udev                   237-3ubuntu10.52  amd64  /dev/ and hotplug management daemon
+ii  udev                   237-3ubuntu10.53  amd64  /dev/ and hotplug management daemon
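
Review bot: the notes attribute only the ruby2.5 and libruby2.5 bump (2.5.1-1ubuntu1.10 to 2.5.1-1ubuntu1.11) to an advisory, USN-5235-1; the systemd, systemd-sysv, libsystemd0, libudev1 and udev changes (237-3ubuntu10.52 to 237-3ubuntu10.53), the linux-libc-dev change (4.15.0-163.171 to 4.15.0-166.174) and the ubuntu-advantage-tools change (27.4.2~18.04.1 to 27.5~18.04.1) have no matching entry. Suggest stating for each of these whether it corresponds to a security notice or is a routine update, so that consumers of the image can tell which package changes are security-relevant when deciding how urgently to roll it out.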