Fedora 36: 2023-a7be7ea1aa Critical: ReDoS Fix in Ruby 3.1.4

Ruby is the interpreted scripting language for quick and easy

object-oriented programming. It has many features to process text

files and to do system management tasks (as in Perl). It is simple,

straight-forward, and extensible.

Upgrade to Ruby 3.1.4. * Fix ReDoS vulnerability in URI (CVE-2023-28755) * Fix

ReDoS vulnerability in Time (CVE-2023-28756) Fix bundler improperly resolving

archful gems in Gemfile.lock. (rhbz#2178171)

* Fri Mar 31 2023 Jarek Prokop jprokop@redhat.com - 3.1.4-175

- Upgrade to Ruby 3.1.4.

- Fix ReDoS vulnerability in URI (CVE-2023-28755)

- Fix ReDoS vulnerability in Time (CVE-2023-28756)

- Fix bundler improperly resolving archful gems in Gemfile.lock.

Resolves: rhbz#2178171

* Fri Jan 20 2023 Jun Aruga - 3.1.3-174

- Fix for tzdata-2022g.

[ 1 ] Bug #2184059 - CVE-2023-28755 ruby: ReDoS vulnerability in URI

https://bugzilla.redhat.com/show_bug.cgi?id=2184059

[ 2 ] Bug #2184061 - CVE-2023-28756 ruby: ReDoS vulnerability in Time

https://bugzilla.redhat.com/show_bug.cgi?id=2184061

su -c 'dnf upgrade --advisory FEDORA-2023-a7be7ea1aa' at the command

line. For more information, refer to the dnf documentation available at

https://dnf.readthedocs.io/en/latest/command_ref.html

All packages are signed with the Fedora Project GPG key. More details on the

GPG keys used by the Fedora Project can be found at

https://fedoraproject.org/security/

package-announce mailing list -- package-announce@lists.fedoraproject.org

To unsubscribe send an email to package-announce-leave@lists.fedoraproject.org

Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/

List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines

List Archives: https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/

Do not reply to spam, report it: