Bugs fixes in "ruby2.0"
| Origin | Bug number | Title | Date fixed |
|---|---|---|---|
| CVE | CVE-2019-8323 | Escape sequence injection vulnerability in API response handling | 2019-04-11 |
| CVE | CVE-2019-8322 | Escape sequence injection vulnerability in gem owner | 2019-04-11 |
| CVE | CVE-2019-8321 | Escape sequence injection vulnerability in verbose | 2019-04-11 |
| CVE | CVE-2019-8320 | RESERVED | 2019-04-11 |
| CVE | CVE-2018-16396 | RESERVED | 2018-11-05 |
| CVE | CVE-2018-16395 | RESERVED | 2018-11-05 |
| CVE | CVE-2018-16396 | RESERVED | 2018-11-05 |
| CVE | CVE-2018-16395 | RESERVED | 2018-11-05 |
| CVE | CVE-2018-16396 | RESERVED | 2018-11-05 |
| CVE | CVE-2018-16395 | RESERVED | 2018-11-05 |
| CVE | CVE-2018-16396 | RESERVED | 2018-11-05 |
| CVE | CVE-2018-16395 | RESERVED | 2018-11-05 |
| CVE | CVE-2018-8777 | In Ruby before 2.2.10, 2.3.x before 2.3.7, 2.4.x before 2.4.4, 2.5.x before 2.5.1, and 2.6.0-preview1, an attacker can pass a large HTTP request with | 2018-06-14 |
| CVE | CVE-2018-1000074 | RubyGems version Ruby 2.2 series: 2.2.9 and earlier, Ruby 2.3 series: 2.3.6 and earlier, Ruby 2.4 series: 2.4.3 and earlier, Ruby 2.5 series: 2.5.0 a | 2018-06-14 |
| CVE | CVE-2017-17742 | Ruby before 2.2.10, 2.3.x before 2.3.7, 2.4.x before 2.4.4, 2.5.x before 2.5.1, and 2.6.0-preview1 allows an HTTP Response Splitting attack. An attac | 2018-06-14 |
| CVE | CVE-2017-0898 | Ruby before 2.4.2, 2.3.5, and 2.2.8 is vulnerable to a malicious format string which contains a precious specifier (*) with a huge minus value. Such | 2018-06-14 |
| CVE | CVE-2017-14064 | Ruby through 2.2.7, 2.3.x through 2.3.4, and 2.4.x through 2.4.1 can expose arbitrary memory during a JSON.generate call. The issues lies in using st | 2018-06-14 |
| CVE | CVE-2017-10784 | The Basic authentication code in WEBrick library in Ruby before 2.2.8, 2.3.x before 2.3.5, and 2.4.x through 2.4.1 allows remote attackers to inject | 2018-06-14 |
| CVE | CVE-2017-0903 | RubyGems versions between 2.0.0 and 2.6.13 are vulnerable to a possible remote code execution vulnerability. YAML deserialization of gem specificatio | 2018-06-14 |
| CVE | CVE-2017-0902 | RubyGems version 2.6.12 and earlier is vulnerable to a DNS hijacking vulnerability that allows a MITM attacker to force the RubyGems client to downlo | 2018-06-14 |
About
-
Send Feedback to @ubuntu_updates
