UbuntuUpdates.org

Package "ruby2.1"

This package belongs to a PPA: Brightbox Ruby NG Experimental

Name: ruby2.1

Description:

Interpreter of object-oriented scripting language Ruby

Latest version: 2.1.9-3bbox1~trusty1
Release: trusty (14.04)
Level: base
Repository: main

Links


Download "ruby2.1"


Other versions of "ruby2.1" in Trusty

No other version of this package is available in the Trusty release.

Packages in group

Deleted packages are displayed in grey.


Changelog

Version: 2.1.9-3bbox1~trusty1 2018-04-09 19:08:17 UTC

 ruby2.1 (2.1.9-3bbox1~trusty1) trusty; urgency=medium
 .
   * Backported CVE-2017-17742: HTTP response splitting in
     WEBrick
   * Backported CVE-2018-6914: Unintentional file and directory
     creation with directory traversal in tempfile and tmpdir
   * Backported CVE-2018-8778: Buffer under-read in String#unpack
   * Backported CVE-2018-8779: Unintentional socket creation by poisoned
     NUL byte in UNIXServer and UNIXSocket
   * Backported CVE-2018-8780: Unintentional directory traversal by
     poisoned NUL byte in Dir

Source diff to previous version
CVE-2017-17742 Ruby before 2.2.10, 2.3.x before 2.3.7, 2.4.x before 2.4.4, 2.5.x before 2.5.1, and 2.6.0-preview1 allows an HTTP Response Splitting attack. An attac
CVE-2018-6914 Directory traversal vulnerability in the Dir.mktmpdir method in the tmpdir library in Ruby before 2.2.10, 2.3.x before 2.3.7, 2.4.x before 2.4.4, 2.5
CVE-2018-8778 In Ruby before 2.2.10, 2.3.x before 2.3.7, 2.4.x before 2.4.4, 2.5.x before 2.5.1, and 2.6.0-preview1, an attacker controlling the unpacking format (
CVE-2018-8779 In Ruby before 2.2.10, 2.3.x before 2.3.7, 2.4.x before 2.4.4, 2.5.x before 2.5.1, and 2.6.0-preview1, the UNIXServer.open and UNIXSocket.open method
CVE-2018-8780 In Ruby before 2.2.10, 2.3.x before 2.3.7, 2.4.x before 2.4.4, 2.5.x before 2.5.1, and 2.6.0-preview1, the Dir.open, Dir.new, Dir.entries and Dir.emp

Version: 2.1.9-2bbox1~trusty1 2018-01-15 20:08:18 UTC

 ruby2.1 (2.1.9-2bbox1~trusty1) trusty; urgency=medium
 .
   * Backported fixes for CVE-2017-17405 Net::FTP
   * Backported Unsafe Object Deserialization Vulnerability in RubyGems

Source diff to previous version
CVE-2017-17405 Ruby before 2.4.3 allows Net::FTP command injection. Net::FTP#get, getbinaryfile, gettextfile, put, putbinaryfile, and puttextfile use Kernel#open to

Version: 2.1.9-1bbox2~trusty1 2017-09-20 17:08:42 UTC

 ruby2.1 (2.1.9-1bbox2~trusty1) trusty; urgency=medium
 .
   * Backported fixes for CVE-2017-0898, CVE-2017-10784, CVE-2017-14033, CVE-2017-14064
   * Updated rubygems to 2.4.5.3 to fix CVE-2017-0902, CVE-2017-0899,
     CVE-2017-0900 and CVE-2017-0901

Source diff to previous version

Version: 2.1.9-1bbox1~trusty1 2016-06-26 12:07:51 UTC

 ruby2.1 (2.1.9-1bbox1~trusty1) trusty; urgency=medium
 .
   * New upstream release

Source diff to previous version

Version: 2.1.8-1bbox1~trusty1 2015-12-27 23:08:16 UTC

 ruby2.1 (2.1.8-1bbox1~trusty1) trusty; urgency=medium
 .
   * New upstream release
   * Fixes CVE-2015-7551




About   -   Send Feedback to @ubuntu_updates