| Errata ID | 53 |
|---|---|
| Date | 2019-04-24 |
| Source package | ruby2.3 |
| Fixed in version | 2.3.3-1+deb9u6 |
| Description | This update addresses the following issues: * Delete directory using symlink when decompressing tar (CVE-2019-8320) * Escape sequence injection vulnerability in verbose (CVE-2019-8321) * Escape sequence injection vulnerability in gem owner (CVE-2019-8322) * Escape sequence injection vulnerability in API response handling (CVE-2019-8323) * Installing a malicious gem may lead to arbitrary code execution (CVE-2019-8324) * Escape sequence injection vulnerability in errors (CVE-2019-8325) |
| Additional notes | |
| CVE ID | CVE-2019-8320 CVE-2019-8321 CVE-2019-8322 CVE-2019-8323 CVE-2019-8324 CVE-2019-8325 |
| UCS Bug number | #49332 |
