File _patchinfo of Package patchinfo.38196
<patchinfo incident="38196">
<issue tracker="cve" id="2020-36327"/>
<issue tracker="bnc" id="1185842">VUL-0: CVE-2020-36327: rubygem-bundler: Bundler chooses a dependency source based on the highest gem version number, which means that a rogue gem found at a public source may be chosen</issue>
<packager>srbaker</packager>
<rating>important</rating>
<category>security</category>
<summary>Security update for rubygem-bundler</summary>
<description>This update for rubygem-bundler fixes the following issues:

- CVE-2020-36327: Fixed bundler choosing a dependency source based
  on the highest gem version number, which means that a rogue gem
  found at a public source may be chosen (bsc#1185842)

Other fixes:

- Updated to version 2.2.34
</description>
</patchinfo>