Package "ri1.9.1"
Name: |
ri1.9.1
|
Description: |
Ruby Interactive reference (for Ruby 1.9.1)
|
Latest version: |
1:1.9.3.551-557bbox8~xenial1 |
Release: |
xenial (16.04) |
Level: |
base |
Repository: |
main |
Head package: |
ruby1.9.1 |
Links
Download "ri1.9.1"
Other versions of "ri1.9.1" in Xenial
No other version of this package is available
in the Xenial release.
Changelog
ruby1.9.1 (1:1.9.3.551-557bbox8~xenial1) xenial; urgency=medium
.
* Backported CVE-2017-17742: HTTP response splitting in
WEBrick
* Backported CVE-2018-6914: Unintentional file and directory
creation with directory traversal in tempfile and tmpdir
* Backported CVE-2018-8778: Buffer under-read in String#unpack
* Backported CVE-2018-8779: Unintentional socket creation by poisoned
NUL byte in UNIXServer and UNIXSocket
* Backported CVE-2018-8780: Unintentional directory traversal by
poisoned NUL byte in Dir
* Fix a bunch of tests that were mostly failing due to launchpad build
environent issues
* Update timetzone tests for new timezone data
* Use correct compiler on Ubuntu Artful and up (gcc5).
|
Source diff to previous version |
CVE-2017-17742 |
Ruby before 2.2.10, 2.3.x before 2.3.7, 2.4.x before 2.4.4, 2.5.x before 2.5.1, and 2.6.0-preview1 allows an HTTP Response Splitting attack. An attac |
CVE-2018-6914 |
Directory traversal vulnerability in the Dir.mktmpdir method in the tmpdir library in Ruby before 2.2.10, 2.3.x before 2.3.7, 2.4.x before 2.4.4, 2.5 |
CVE-2018-8778 |
In Ruby before 2.2.10, 2.3.x before 2.3.7, 2.4.x before 2.4.4, 2.5.x before 2.5.1, and 2.6.0-preview1, an attacker controlling the unpacking format ( |
CVE-2018-8779 |
In Ruby before 2.2.10, 2.3.x before 2.3.7, 2.4.x before 2.4.4, 2.5.x before 2.5.1, and 2.6.0-preview1, the UNIXServer.open and UNIXSocket.open method |
CVE-2018-8780 |
In Ruby before 2.2.10, 2.3.x before 2.3.7, 2.4.x before 2.4.4, 2.5.x before 2.5.1, and 2.6.0-preview1, the Dir.open, Dir.new, Dir.entries and Dir.emp |
|
ruby1.9.1 (1:1.9.3.551-557bbox7~xenial2) xenial; urgency=medium
.
* Backported CVE-2017-17742: HTTP response splitting in
WEBrick
* Backported CVE-2018-6914: Unintentional file and directory
creation with directory traversal in tempfile and tmpdir
* Backported CVE-2018-8778: Buffer under-read in String#unpack
* Backported CVE-2018-8779: Unintentional socket creation by poisoned
NUL byte in UNIXServer and UNIXSocket
* Backported CVE-2018-8780: Unintentional directory traversal by
poisoned NUL byte in Dir
* Fix a bunch of tests that were mostly failing due to launchpad build
environent issues
* Use correct compiler on Ubuntu Artful and up (gcc5).
* Build no longer depends on ruby
|
Source diff to previous version |
CVE-2017-17742 |
Ruby before 2.2.10, 2.3.x before 2.3.7, 2.4.x before 2.4.4, 2.5.x before 2.5.1, and 2.6.0-preview1 allows an HTTP Response Splitting attack. An attac |
CVE-2018-6914 |
Directory traversal vulnerability in the Dir.mktmpdir method in the tmpdir library in Ruby before 2.2.10, 2.3.x before 2.3.7, 2.4.x before 2.4.4, 2.5 |
CVE-2018-8778 |
In Ruby before 2.2.10, 2.3.x before 2.3.7, 2.4.x before 2.4.4, 2.5.x before 2.5.1, and 2.6.0-preview1, an attacker controlling the unpacking format ( |
CVE-2018-8779 |
In Ruby before 2.2.10, 2.3.x before 2.3.7, 2.4.x before 2.4.4, 2.5.x before 2.5.1, and 2.6.0-preview1, the UNIXServer.open and UNIXSocket.open method |
CVE-2018-8780 |
In Ruby before 2.2.10, 2.3.x before 2.3.7, 2.4.x before 2.4.4, 2.5.x before 2.5.1, and 2.6.0-preview1, the Dir.open, Dir.new, Dir.entries and Dir.emp |
|
ruby1.9.1 (1:1.9.3.551-557bbox7~xenial1) xenial; urgency=medium
.
* Backported CVE-2017-17742: HTTP response splitting in
WEBrick
* Backported CVE-2018-6914: Unintentional file and directory
creation with directory traversal in tempfile and tmpdir
* Backported CVE-2018-8778: Buffer under-read in String#unpack
* Backported CVE-2018-8779: Unintentional socket creation by poisoned
NUL byte in UNIXServer and UNIXSocket
* Backported CVE-2018-8780: Unintentional directory traversal by
poisoned NUL byte in Dir
* Fix a bunch of tests that were mostly failing due to launchpad build
environent issues
* Use correct compiler on Ubuntu Artful and up (gcc5).
* Build doesn't depend on ruby, fixes Bionic builds.
|
Source diff to previous version |
CVE-2017-17742 |
Ruby before 2.2.10, 2.3.x before 2.3.7, 2.4.x before 2.4.4, 2.5.x before 2.5.1, and 2.6.0-preview1 allows an HTTP Response Splitting attack. An attac |
CVE-2018-6914 |
Directory traversal vulnerability in the Dir.mktmpdir method in the tmpdir library in Ruby before 2.2.10, 2.3.x before 2.3.7, 2.4.x before 2.4.4, 2.5 |
CVE-2018-8778 |
In Ruby before 2.2.10, 2.3.x before 2.3.7, 2.4.x before 2.4.4, 2.5.x before 2.5.1, and 2.6.0-preview1, an attacker controlling the unpacking format ( |
CVE-2018-8779 |
In Ruby before 2.2.10, 2.3.x before 2.3.7, 2.4.x before 2.4.4, 2.5.x before 2.5.1, and 2.6.0-preview1, the UNIXServer.open and UNIXSocket.open method |
CVE-2018-8780 |
In Ruby before 2.2.10, 2.3.x before 2.3.7, 2.4.x before 2.4.4, 2.5.x before 2.5.1, and 2.6.0-preview1, the Dir.open, Dir.new, Dir.entries and Dir.emp |
|
ruby1.9.1 (1:1.9.3.551-556bbox1~xenial2) xenial; urgency=medium
.
* Backported fixes for CVE-2017-17405 Net::FTP
* Backported Unsafe Object Deserialization Vulnerability in RubyGems
|
Source diff to previous version |
CVE-2017-17405 |
Ruby before 2.4.3 allows Net::FTP command injection. Net::FTP#get, getbinaryfile, gettextfile, put, putbinaryfile, and puttextfile use Kernel#open to |
|
ruby1.9.1 (1:1.9.3.551-555bbox2~xenial1) xenial; urgency=medium
.
* Backported fixes for CVE-2017-0898, CVE-2017-10784, CVE-2017-14033, CVE-2017-14064
* Backported rubygems fixes for CVE-2017-0899, CVE-2017-0900 and
CVE-2017-0901
|
About
-
Send Feedback to @ubuntu_updates