Debian alert DLA-3866-1 (ruby-tzinfo)
| From: | Adrian Bunk <bunk@debian.org> |
| To: | debian-lts-announce@lists.debian.org |
| Subject: | [SECURITY] [DLA 3866-1] ruby-tzinfo security update |
| Date: | Tue, 03 Sep 2024 11:10:20 +0300 |
| Message-ID: | <ZtbEbEQoFToXoB+N@localhost> |
-------------------------------------------------------------------------
Debian LTS Advisory DLA-3866-1                debian-lts@lists.debian.org
https://www.debian.org/lts/security/                          Adrian Bunk
September 03, 2024                            https://wiki.debian.org/LTS
-------------------------------------------------------------------------

Package        : ruby-tzinfo
Version        : 1.2.6-1+deb11u1
CVE ID         : CVE-2022-31163

Path traversal that allowed TZInfo::Timezone.get to load arbitrary files
has been fixed in ruby-tzinfo, a Ruby library for working with time zone
information.

For Debian 11 bullseye, this problem has been fixed in version
1.2.6-1+deb11u1.

We recommend that you upgrade your ruby-tzinfo packages.

For the detailed security status of ruby-tzinfo please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/ruby-tzinfo

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS
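Added example, not part of the advisory and not tzinfo's own code: an application-side allow-list check for time zone identifiers taken from untrusted input, applied before the value reaches TZInfo::Timezone.get. The pattern, the length limit and the helper names `safe_timezone_identifier?` and `lookup_timezone` are assumptions made for illustration.

```ruby
# Allow-list validation of time zone identifiers before lookup.
# Names, pattern and limit are assumptions, not taken from tzinfo.

# One path segment: a letter, then letters, digits, '_', '+' or '-'.
TZ_SEGMENT = /[A-Za-z][A-Za-z0-9_+-]*/
# Whole identifier: one to three segments joined by '/'.
# \A and \z anchor the entire string; ^ and $ would only anchor a line.
TZ_IDENTIFIER = %r{\A#{TZ_SEGMENT}(?:/#{TZ_SEGMENT}){0,2}\z}
TZ_MAX_LENGTH = 64 # constructed limit, longer than any IANA zone name

def safe_timezone_identifier?(value)
  return false unless value.is_a?(String)
  return false if value.empty? || value.bytesize > TZ_MAX_LENGTH
  return false unless value.valid_encoding?

  TZ_IDENTIFIER.match?(value)
end

# Resolve an identifier only after it passes the check. `resolver` is a
# hypothetical hook for testing; by default TZInfo::Timezone.get is called.
def lookup_timezone(value, resolver: nil)
  unless safe_timezone_identifier?(value)
    raise ArgumentError, "rejected time zone identifier: #{value.inspect}"
  end

  resolver ||= lambda do |id|
    require "tzinfo"
    TZInfo::Timezone.get(id)
  end
  resolver.call(value)
end

if __FILE__ == $PROGRAM_NAME
  # Constructed sample inputs.
  samples = ["Europe/London", "America/Argentina/Buenos_Aires", "Etc/GMT+1",
             "../../etc/passwd", "/etc/passwd", "Europe//London"]
  samples.each do |s|
    verdict = safe_timezone_identifier?(s) ? "accept" : "reject"
    puts format("%-36s %s", s.inspect, verdict)
  end
end
```

The check complements the package upgrade rather than replacing it, and it also keeps rejected values out of logs and error paths that would otherwise echo them into a file lookup.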
           