UbuntuUpdates.org

Package "ruby2.0-tcltk"

This package belongs to a PPA: Brightbox Ruby NG Experimental

Name: ruby2.0-tcltk

Description:

Ruby/Tk for Ruby 2.0

Latest version: 2.0.0.648-654bbox1~xenial1
Release: xenial (16.04)
Level: base
Repository: main
Head package: ruby2.0

Links


Download "ruby2.0-tcltk"


Other versions of "ruby2.0-tcltk" in Xenial

No other version of this package is available in the Xenial release.

Changelog

Version: 2.0.0.648-654bbox1~xenial1 2018-04-10 15:08:22 UTC

 ruby2.0 (2.0.0.648-654bbox1~xenial1) xenial; urgency=medium
 .
   * Backported CVE-2017-17742: HTTP response splitting in
     WEBrick
   * Backported CVE-2018-6914: Unintentional file and directory
     creation with directory traversal in tempfile and tmpdir
   * Backported CVE-2018-8778: Buffer under-read in String#unpack
   * Backported CVE-2018-8779: Unintentional socket creation by poisoned
     NUL byte in UNIXServer and UNIXSocket
   * Backported CVE-2018-8780: Unintentional directory traversal by
     poisoned NUL byte in Dir

Source diff to previous version
CVE-2017-17742 Ruby before 2.2.10, 2.3.x before 2.3.7, 2.4.x before 2.4.4, 2.5.x before 2.5.1, and 2.6.0-preview1 allows an HTTP Response Splitting attack. An attac
CVE-2018-6914 Directory traversal vulnerability in the Dir.mktmpdir method in the tmpdir library in Ruby before 2.2.10, 2.3.x before 2.3.7, 2.4.x before 2.4.4, 2.5
CVE-2018-8778 In Ruby before 2.2.10, 2.3.x before 2.3.7, 2.4.x before 2.4.4, 2.5.x before 2.5.1, and 2.6.0-preview1, an attacker controlling the unpacking format (
CVE-2018-8779 In Ruby before 2.2.10, 2.3.x before 2.3.7, 2.4.x before 2.4.4, 2.5.x before 2.5.1, and 2.6.0-preview1, the UNIXServer.open and UNIXSocket.open method
CVE-2018-8780 In Ruby before 2.2.10, 2.3.x before 2.3.7, 2.4.x before 2.4.4, 2.5.x before 2.5.1, and 2.6.0-preview1, the Dir.open, Dir.new, Dir.entries and Dir.emp

Version: 2.0.0.648-653bbox1~xenial1 2018-01-15 20:08:18 UTC

 ruby2.0 (2.0.0.648-653bbox1~xenial1) xenial; urgency=medium
 .
   * Backported fixes for CVE-2017-17405 Net::FTP
   * Backported Unsafe Object Deserialization Vulnerability in RubyGems

Source diff to previous version
CVE-2017-17405 Ruby before 2.4.3 allows Net::FTP command injection. Net::FTP#get, getbinaryfile, gettextfile, put, putbinaryfile, and puttextfile use Kernel#open to

Version: 2.0.0.648-652bbox2~xenial1 2017-09-22 21:08:57 UTC

 ruby2.0 (2.0.0.648-652bbox2~xenial1) xenial; urgency=medium
 .
   * Backported fixes for CVE-2017-0898, CVE-2017-10784, CVE-2017-14033, CVE-2017-14064
   * Backported rubygems fixes for CVE-2017-0902, CVE-2017-0899,
     CVE-2017-0900 and CVE-2017-0901

Source diff to previous version

Version: 2.0.0.648-2bbox1~xenial2 2016-06-27 06:55:55 UTC

 ruby2.0 (2.0.0.648-2bbox1~xenial2) xenial; urgency=low
 .
   * Fix alternatives priority to match the other ruby pkgs




About   -   Send Feedback to @ubuntu_updates