Univention Bugzilla – Bug 51711
rake: Multiple issues (4.4)
Last modified: 2020-07-29 16:50:44 CEST
New Debian rake 10.5.0-2+deb9u1 fixes:

This update addresses the following issue:
* OS Command Injection via egrep in Rake::FileList (CVE-2020-8130)
--- mirror/ftp/4.3/unmaintained/4.3-0/source/rake_10.5.0-2.dsc +++ apt/ucs_4.4-0-errata4.4-5/source/rake_10.5.0-2+deb9u1.dsc @@ -1,3 +1,8 @@ +10.5.0-2+deb9u1 [Sat, 29 Feb 2020 20:57:18 +0530] Utkarsh Gupta <utkarsh@debian.org>: + + * Team upload + * Add patch to use File.open explicitly. (Fixes: CVE-2020-8130) + 10.5.0-2 [Tue, 01 Mar 2016 19:15:02 +0100] Christian Hofstaedtler <zeha@debian.org>: * Team upload. <http://10.200.17.11/4.4-5/#4103099913871822931>
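Review bot: The new 10.5.0-2+deb9u1 changelog entry says only "Add patch to use File.open explicitly" and names neither the patch file nor the code it changes, so the link to CVE-2020-8130 cannot be checked from the changelog alone. Suggest naming the patch file under debian/patches and the affected method (the bug description points at egrep in Rake::FileList). Minor style point: "Team upload" in the new entry lacks the trailing period used in the 10.5.0-2 entry.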
OK: yaml
OK: announce_errata
OK: patch
OK: piuparts

[4.4-5] 8cb57ea14c Bug #51711: rake 10.5.0-2+deb9u1
 doc/errata/staging/rake.yaml | 12 ++++++++++++
 1 file changed, 12 insertions(+)
<https://errata.software-univention.de/#/?erratum=4.4x673>
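Why the changelog's "use File.open explicitly" closes the egrep issue named in this bug, as an added example (not code from rake, Debian or Univention): Ruby's `Kernel#open` has historically treated a name beginning with `|` as a command to run, while `File.open` only ever treats its argument as a path. The helper `safe_egrep`, the `demo` function and the sample file names are constructed for illustration.

```ruby
require "tmpdir"

# Hypothetical egrep-style helper: scan each named file for a pattern.
# Every entry is opened with File.open, so the name is only ever a path;
# an entry that does not exist is recorded instead of being interpreted.
def safe_egrep(names, pattern)
  matches = []
  skipped = []
  names.each do |name|
    begin
      File.open(name, "r") do |io|
        io.each_line.with_index(1) do |line, lineno|
          matches << [name, lineno, line.chomp] if pattern.match?(line)
        end
      end
    rescue SystemCallError => e
      # ENOENT, EACCES, EISDIR, ...: note the entry and keep going
      skipped << [name, e.class.name]
    end
  end
  { matches: matches, skipped: skipped }
end

# Constructed test data: one real file and one entry shaped like a
# pipe command. The marker file would exist only if the second entry
# had been executed rather than looked up as a path.
def demo
  Dir.mktmpdir do |dir|
    marker = File.join(dir, "marker")
    real = File.join(dir, "notes.txt")
    File.write(real, "alpha\nTODO: review\n")
    pipe_like = "| touch #{marker}"
    result = safe_egrep([real, pipe_like], /TODO/)
    result.merge(marker_created: File.exist?(marker))
  end
end

if __FILE__ == $PROGRAM_NAME
  p demo
end
```

When auditing Ruby code for the same pattern, a bare `open(...)` whose argument can come from a file listing or other external input is the call to look for.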