File _patchinfo of Package patchinfo.23806

<patchinfo incident="23806">
  <issue tracker="cve" id="2021-31810"/>
  <issue tracker="cve" id="2021-41817"/>
  <issue tracker="cve" id="2022-28739"/>
  <issue tracker="cve" id="2021-31799"/>
  <issue tracker="cve" id="2021-32066"/>
  <issue tracker="bnc" id="1198441">VUL-0: CVE-2022-28739: ruby: Buffer overrun in String-to-Float conversion</issue>
  <issue tracker="bnc" id="1188161">VUL-0: CVE-2021-31810: ruby,ruby2.1,ruby2.5: Trusting FTP PASV responses vulnerability in Net:FTP</issue>
  <issue tracker="bnc" id="1190375">VUL-0: CVE-2021-31799: rubygem-rdoc,rubygem-rdoc-3,ruby,ruby2.1,ruby2.5: Command injection vulnerability in RDoc</issue>
  <issue tracker="bnc" id="1188160">VUL-0: CVE-2021-32066: ruby,ruby2.1,ruby2.5: A StartTLS stripping vulnerability in Net:IMAP</issue>
  <issue tracker="bnc" id="1193035">VUL-0: CVE-2021-41817: ruby2.1, ruby2.5, ruby2.7, ruby3.0: Regular Expression Denial of Service Vulnerability of Date Parsing Methods</issue>
  <packager>darix</packager>
  <rating>important</rating>
  <category>security</category>
  <summary>Security update for ruby2.5</summary>
  <description>This update for ruby2.5 fixes the following issues:

- CVE-2022-28739: Fixed a buffer overrun in String-to-Float conversion (bsc#1198441).
- CVE-2021-41817: Fixed a regular expression denial of service in Date Parsing Methods (bsc#1193035).
- CVE-2021-32066: Fixed a StartTLS stripping vulnerability in Net:IMAP (bsc#1188160).
- CVE-2021-31810: Fixed a trusting FTP PASV responses vulnerability in Net:FTP (bsc#1188161).
- CVE-2021-31799: Fixed a command injection vulnerability in RDoc (bsc#1190375). 
</description>
</patchinfo>
Places

File _patchinfo of Package patchinfo.23806

Places
