Package "ruby2.0-doc"
Name: ruby2.0-doc
Description: Documentation for Ruby 2.0
Latest version: 2.0.0.484-1ubuntu2.13
Release: trusty (14.04)
Level: security
Repository: main
Head package: ruby2.0
Homepage: http://www.ruby-lang.org/
Changelog
ruby2.0 (2.0.0.484-1ubuntu2.6) trusty-security; urgency=medium
* SECURITY UPDATE: Directory traversal
- debian/patches/CVE-2018-1000073.patch: fix in
lib/rubygems/package.rb.
- CVE-2018-1000073
* SECURITY UPDATE: Deserialization untrusted data
- debian/patches/CVE-2018-1000074.patch: fix in
lib/rubygems/commands/owner_command.rb,
test/rubygems/test_gem_commands_owner_command.rb.
- CVE-2018-1000074
* SECURITY UPDATE: Infinite loop
- debian/patches/CVE-2018-1000075.patch: fix in
lib/rubygems/package/tar_header.rb,
test/rubygems/test_gem_package_tar_header.rb.
- CVE-2018-1000075
* SECURITY UPDATE: Improper verification of crypto
signature
- debian/patches/CVE-2018-1000076.patch: fix in
lib/rubygems/package.rb, lib/rubygems/package/tar_writer.rb,
test/rubygems/test_gem_package.rb.
- CVE-2018-1000076
* SECURITY UPDATE: Validation vulnerability
- debian/patches/CVE-2018-1000077.patch: fix in
lib/rubygems/specification.rb,
test/rubygems/test_gem_specification.rb.
- CVE-2018-1000077
* SECURITY UPDATE: Cross site scripting
- debian/patches/CVE-2018-1000078.patch: fix in
lib/rubygems/server.rb.
- CVE-2018-1000078
* SECURITY UPDATE: Directory traversal
- debian/patches/CVE-2018-1000079.patch: fix in
lib/rubygems/package.rb, test/rubygems/test_gem_package.rb.
- CVE-2018-1000079
-- <email address hidden> (Leonidas S. Barbosa) Tue, 03 Apr 2018 15:37:15 -0300
ruby2.0 (2.0.0.484-1ubuntu2.5) trusty-security; urgency=medium
* SECURITY UPDATE: command injection through Net::FTP
- debian/patches/CVE-2017-17405.patch: fix command injection
in lib/net/ftp.rb, test/net/ftp/test_ftp.rb.
- CVE-2017-17405
-- <email address hidden> (Leonidas S. Barbosa) Mon, 18 Dec 2017 15:53:12 -0300
CVE-2017-17405
Ruby before 2.4.3 allows Net::FTP command injection. Net::FTP#get, getbinaryfile, gettextfile, put, putbinaryfile, and puttextfile use Kernel#open to
|
ruby2.0 (2.0.0.484-1ubuntu2.4) trusty-security; urgency=medium
* SECURITY UPDATE: incorrect hostname matching
- debian/patches/CVE-2015-1855.patch: implement stricter hostname
validation per RFC 6125 in ext/openssl/lib/openssl/ssl.rb, added
tests to test/openssl/test_ssl.rb.
- CVE-2015-1855
* SECURITY UPDATE: DoS and possible code execution in Fiddle::Handle
- debian/patches/CVE-2015-7551.patch: check tainted string arguments in
ext/fiddle/handle.c, added tests to test/fiddle/test_handle.rb.
- CVE-2015-7551
* SECURITY UPDATE: SMTP command injection
- debian/patches/CVE-2015-9096.patch: don't allow bare CR or LF in
lib/net/smtp.rb, added test to test/net/smtp/test_smtp.rb.
- CVE-2015-9096
* SECURITY UPDATE: type confusion in tcltkip
- debian/patches/CVE-2016-2337.patch: check argument in
ext/tk/tcltklib.c.
- CVE-2016-2337
* SECURITY UPDATE: heap overflow in Fiddle::Function.new
- debian/patches/CVE-2016-2339.patch: check arguments in
ext/fiddle/function.c.
- CVE-2016-2339
* SECURITY UPDATE: use of same initialization vector (IV)
- debian/patches/CVE-2016-7798.patch: don't set dummy key in
ext/openssl/ossl_cipher.c, added test to test/openssl/test_cipher.rb.
- CVE-2016-7798
* debian/rules: add note on enabling the full test suite
* debian/patches/fix_tests.patch: fix some broken tests.
-- Marc Deslauriers <email address hidden> Tue, 20 Jun 2017 07:58:57 -0400
CVE-2015-1855
OpenSSL extension hostname matching implementation violates RFC 6125
CVE-2015-7551
The Fiddle::Handle implementation in ext/fiddle/handle.c in Ruby before 2.0.0-p648, 2.1 before 2.1.8, and 2.2 before 2.2.4, as distributed in Apple O
CVE-2015-9096
Net::SMTP in Ruby before 2.4.0 is vulnerable to SMTP command injection via CRLF sequences in a RCPT TO or MAIL FROM command, as demonstrated by CRLF
CVE-2016-2337
Type confusion exists in _cancel_eval Ruby's TclTkIp class method. Attacker passing different type of object than String as "retval" argument can cau
CVE-2016-2339
An exploitable heap overflow vulnerability exists in the Fiddle::Function.new "initialize" function functionality of Ruby. In Fiddle::Function.new "i
CVE-2016-7798
The openssl gem for Ruby uses the same initialization vector (IV) in GCM Mode (aes-*-gcm) when the IV is set before the key, which makes it easier fo
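The CVE-2015-9096 entry above describes the fix as refusing bare CR or LF in lib/net/smtp.rb. The Ruby below is an added example, not code from Ruby or from the Ubuntu patch: it applies an equivalent guard to the envelope addresses before they are turned into MAIL FROM / RCPT TO lines, using a constructed address with an embedded CRLF as the rejected test vector. The helper names are assumptions.

```ruby
# Added example (not Ruby's or Ubuntu's code): SMTP is a line-based protocol,
# so an address that contains CR or LF would end the current command early and
# let the rest of the string be read as a second command. The check below is
# the defensive rule the CVE-2015-9096 fix describes, applied at the point
# where addresses are placed into envelope commands.

class SmtpInjectionError < ArgumentError; end

# Reject any address containing a bare CR or LF; returns the address when clean.
# Uses =~ rather than String#match? so it also runs on Ruby 2.0.
def validate_smtp_address(addr)
  if addr.to_s =~ /[\r\n]/
    raise SmtpInjectionError, "CR/LF in SMTP address: #{addr.inspect}"
  end
  addr
end

# Build the envelope commands a client would send, refusing to build them at
# all if any address could break the line structure of the protocol.
def envelope_commands(from, recipients)
  lines = ["MAIL FROM:<#{validate_smtp_address(from)}>"]
  recipients.each { |rcpt| lines << "RCPT TO:<#{validate_smtp_address(rcpt)}>" }
  lines
end

# Convenience predicate for callers that want a boolean instead of an exception.
def smtp_address_safe?(addr)
  validate_smtp_address(addr)
  true
rescue SmtpInjectionError
  false
end

# Constructed sample inputs (hypothetical addresses, not from the page).
SAFE_FROM = "alice@example.com"
SAFE_RCPTS = ["bob@example.com"]
# Constructed test vector: an address carrying a CRLF. Unchecked, it would be
# sent as two lines and the server would treat the second as its own command.
INJECTED_RCPT = "bob@example.com>\r\nRCPT TO:<carol@example.com"

if __FILE__ == $0
  puts envelope_commands(SAFE_FROM, SAFE_RCPTS)
  puts "injected recipient rejected: #{!smtp_address_safe?(INJECTED_RCPT)}"
end
```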
|
ruby2.0 (2.0.0.484-1ubuntu2.2) trusty-security; urgency=medium
* SECURITY UPDATE: denial of service via XML expansion
- debian/patches/CVE-2014-8090.patch: add REXML::Document#document
to rexml/document.rb, add warning to rexml/entity.rb, added tests to
test/rexml/test_document.rb.
- CVE-2014-8090
-- Marc Deslauriers <email address hidden> Wed, 19 Nov 2014 08:53:33 -0500
ruby2.0 (2.0.0.484-1ubuntu2.1) trusty-security; urgency=medium
* SECURITY UPDATE: denial of service via buffer overrun in encodes
function
- debian/patches/CVE-2014x-4975.patch: properly calculate buffer size
in pack.c, added test to test/ruby/test_pack.rb.
- CVE-2014-4975
* SECURITY UPDATE: denial of service via XML expansion
- debian/patches/CVE-2014-8080.patch: limit expansions in
lib/rexml/entity.rb, added tests to test/rexml/test_document.rb,
test/rexml/test_entity.rb.
- CVE-2014-8080
-- Marc Deslauriers <email address hidden> Mon, 03 Nov 2014 09:57:14 -0500