Package "ruby1.9.1"
Name: |
ruby1.9.1
|
Description: |
Interpreter of object-oriented scripting language Ruby
|
Latest version: |
1:1.9.3.551-557bbox8~xenial1 |
Release: |
xenial (16.04) |
Level: |
base |
Repository: |
main |
Links
Download "ruby1.9.1"
Other versions of "ruby1.9.1" in Xenial
No other version of this package is available
in the Xenial release.
Packages in group
Deleted packages are displayed in grey.
Changelog
ruby1.9.1 (1:1.9.3.551-557bbox8~xenial1) xenial; urgency=medium
.
* Backported CVE-2017-17742: HTTP response splitting in
WEBrick
* Backported CVE-2018-6914: Unintentional file and directory
creation with directory traversal in tempfile and tmpdir
* Backported CVE-2018-8778: Buffer under-read in String#unpack
* Backported CVE-2018-8779: Unintentional socket creation by poisoned
NUL byte in UNIXServer and UNIXSocket
* Backported CVE-2018-8780: Unintentional directory traversal by
poisoned NUL byte in Dir
* Fix a bunch of tests that were mostly failing due to launchpad build
environent issues
* Update timetzone tests for new timezone data
* Use correct compiler on Ubuntu Artful and up (gcc5).
|
Source diff to previous version |
CVE-2017-17742 |
Ruby before 2.2.10, 2.3.x before 2.3.7, 2.4.x before 2.4.4, 2.5.x before 2.5.1, and 2.6.0-preview1 allows an HTTP Response Splitting attack. An attac |
CVE-2018-6914 |
Directory traversal vulnerability in the Dir.mktmpdir method in the tmpdir library in Ruby before 2.2.10, 2.3.x before 2.3.7, 2.4.x before 2.4.4, 2.5 |
CVE-2018-8778 |
In Ruby before 2.2.10, 2.3.x before 2.3.7, 2.4.x before 2.4.4, 2.5.x before 2.5.1, and 2.6.0-preview1, an attacker controlling the unpacking format ( |
CVE-2018-8779 |
In Ruby before 2.2.10, 2.3.x before 2.3.7, 2.4.x before 2.4.4, 2.5.x before 2.5.1, and 2.6.0-preview1, the UNIXServer.open and UNIXSocket.open method |
CVE-2018-8780 |
In Ruby before 2.2.10, 2.3.x before 2.3.7, 2.4.x before 2.4.4, 2.5.x before 2.5.1, and 2.6.0-preview1, the Dir.open, Dir.new, Dir.entries and Dir.emp |
|
ruby1.9.1 (1:1.9.3.551-557bbox7~xenial2) xenial; urgency=medium
.
* Backported CVE-2017-17742: HTTP response splitting in
WEBrick
* Backported CVE-2018-6914: Unintentional file and directory
creation with directory traversal in tempfile and tmpdir
* Backported CVE-2018-8778: Buffer under-read in String#unpack
* Backported CVE-2018-8779: Unintentional socket creation by poisoned
NUL byte in UNIXServer and UNIXSocket
* Backported CVE-2018-8780: Unintentional directory traversal by
poisoned NUL byte in Dir
* Fix a bunch of tests that were mostly failing due to launchpad build
environent issues
* Use correct compiler on Ubuntu Artful and up (gcc5).
* Build no longer depends on ruby
|
Source diff to previous version |
CVE-2017-17742 |
Ruby before 2.2.10, 2.3.x before 2.3.7, 2.4.x before 2.4.4, 2.5.x before 2.5.1, and 2.6.0-preview1 allows an HTTP Response Splitting attack. An attac |
CVE-2018-6914 |
Directory traversal vulnerability in the Dir.mktmpdir method in the tmpdir library in Ruby before 2.2.10, 2.3.x before 2.3.7, 2.4.x before 2.4.4, 2.5 |
CVE-2018-8778 |
In Ruby before 2.2.10, 2.3.x before 2.3.7, 2.4.x before 2.4.4, 2.5.x before 2.5.1, and 2.6.0-preview1, an attacker controlling the unpacking format ( |
CVE-2018-8779 |
In Ruby before 2.2.10, 2.3.x before 2.3.7, 2.4.x before 2.4.4, 2.5.x before 2.5.1, and 2.6.0-preview1, the UNIXServer.open and UNIXSocket.open method |
CVE-2018-8780 |
In Ruby before 2.2.10, 2.3.x before 2.3.7, 2.4.x before 2.4.4, 2.5.x before 2.5.1, and 2.6.0-preview1, the Dir.open, Dir.new, Dir.entries and Dir.emp |
|
ruby1.9.1 (1:1.9.3.551-557bbox7~xenial1) xenial; urgency=medium
.
* Backported CVE-2017-17742: HTTP response splitting in
WEBrick
* Backported CVE-2018-6914: Unintentional file and directory
creation with directory traversal in tempfile and tmpdir
* Backported CVE-2018-8778: Buffer under-read in String#unpack
* Backported CVE-2018-8779: Unintentional socket creation by poisoned
NUL byte in UNIXServer and UNIXSocket
* Backported CVE-2018-8780: Unintentional directory traversal by
poisoned NUL byte in Dir
* Fix a bunch of tests that were mostly failing due to launchpad build
environent issues
* Use correct compiler on Ubuntu Artful and up (gcc5).
* Build doesn't depend on ruby, fixes Bionic builds.
|
Source diff to previous version |
CVE-2017-17742 |
Ruby before 2.2.10, 2.3.x before 2.3.7, 2.4.x before 2.4.4, 2.5.x before 2.5.1, and 2.6.0-preview1 allows an HTTP Response Splitting attack. An attac |
CVE-2018-6914 |
Directory traversal vulnerability in the Dir.mktmpdir method in the tmpdir library in Ruby before 2.2.10, 2.3.x before 2.3.7, 2.4.x before 2.4.4, 2.5 |
CVE-2018-8778 |
In Ruby before 2.2.10, 2.3.x before 2.3.7, 2.4.x before 2.4.4, 2.5.x before 2.5.1, and 2.6.0-preview1, an attacker controlling the unpacking format ( |
CVE-2018-8779 |
In Ruby before 2.2.10, 2.3.x before 2.3.7, 2.4.x before 2.4.4, 2.5.x before 2.5.1, and 2.6.0-preview1, the UNIXServer.open and UNIXSocket.open method |
CVE-2018-8780 |
In Ruby before 2.2.10, 2.3.x before 2.3.7, 2.4.x before 2.4.4, 2.5.x before 2.5.1, and 2.6.0-preview1, the Dir.open, Dir.new, Dir.entries and Dir.emp |
|
ruby1.9.1 (1:1.9.3.551-556bbox1~xenial2) xenial; urgency=medium
.
* Backported fixes for CVE-2017-17405 Net::FTP
* Backported Unsafe Object Deserialization Vulnerability in RubyGems
|
Source diff to previous version |
CVE-2017-17405 |
Ruby before 2.4.3 allows Net::FTP command injection. Net::FTP#get, getbinaryfile, gettextfile, put, putbinaryfile, and puttextfile use Kernel#open to |
|
ruby1.9.1 (1:1.9.3.551-555bbox2~xenial1) xenial; urgency=medium
.
* Backported fixes for CVE-2017-0898, CVE-2017-10784, CVE-2017-14033, CVE-2017-14064
* Backported rubygems fixes for CVE-2017-0899, CVE-2017-0900 and
CVE-2017-0901
|
About
-
Send Feedback to @ubuntu_updates