Bugs fixes in "ruby2.6"
| Origin | Bug number | Title | Date fixed |
|---|---|---|---|
| CVE | CVE-2022-28739 | RESERVED | 2022-04-20 |
| CVE | CVE-2021-41819 | RESERVED | 2022-04-20 |
| CVE | CVE-2021-41817 | RESERVED | 2022-04-20 |
| CVE | CVE-2021-31799 | A command injection vulnerability in RDoc | 2022-04-20 |
| CVE | CVE-2021-32066 | A StartTLS stripping vulnerability in Net::IMAP | 2022-04-20 |
| CVE | CVE-2021-31810 | An issue was discovered in Ruby through 2.6.7, 2.7.x through 2.7.3, and 3.x through 3.0.1. A malicious FTP server can use the PASV response to trick | 2022-04-20 |
| CVE | CVE-2021-28965 | The REXML gem before 3.2.5 in Ruby before 2.6.7, 2.7.x before 2.7.3, and 3.x before 3.0.1 does not properly address XML round-trip issues. An incorre | 2022-04-20 |
| CVE | CVE-2020-25613 | An issue was discovered in Ruby through 2.5.8, 2.6.x through 2.6.6, and 2.7.x through 2.7.1. WEBrick, a simple HTTP server bundled with Ruby, had not | 2022-04-20 |
| CVE | CVE-2020-10933 | An issue was discovered in Ruby 2.5.x through 2.5.7, 2.6.x through 2.6.5, and 2.7.0. If a victim calls BasicSocket#read_nonblock(requested_size, buff | 2020-06-11 |
| CVE | CVE-2020-10663 | The JSON gem through 2.2.0 for Ruby, as used in Ruby 2.4 through 2.4.9, 2.5 through 2.5.7, and 2.6 through 2.6.5, has an Unsafe Object Creation Vulne | 2020-06-11 |
| CVE | CVE-2020-10933 | An issue was discovered in Ruby 2.5.x through 2.5.7, 2.6.x through 2.6.5, and 2.7.0. If a victim calls BasicSocket#read_nonblock(requested_size, buff | 2020-06-11 |
| CVE | CVE-2020-10663 | The JSON gem through 2.2.0 for Ruby, as used in Ruby 2.4 through 2.4.9, 2.5 through 2.5.7, and 2.6 through 2.6.5, has an Unsafe Object Creation Vulne | 2020-06-11 |
| CVE | CVE-2015-9251 | jQuery before 3.0.0 is vulnerable to Cross-site Scripting (XSS) attacks when a cross-domain Ajax request is performed without the dataType option, ca | 2019-10-03 |
| CVE | CVE-2012-6708 | jQuery before 1.9.0 is vulnerable to Cross-site Scripting (XSS) attacks. The jQuery(strInput) function does not differentiate selectors from HTML in | 2019-10-03 |
| CVE | CVE-2019-16201 | RESERVED | 2019-10-03 |
| CVE | CVE-2019-15845 | RESERVED | 2019-10-03 |
| CVE | CVE-2019-16254 | RESERVED | 2019-10-03 |
| CVE | CVE-2019-16255 | RESERVED | 2019-10-03 |
| CVE | CVE-2015-9251 | jQuery before 3.0.0 is vulnerable to Cross-site Scripting (XSS) attacks when a cross-domain Ajax request is performed without the dataType option, ca | 2019-10-03 |
| CVE | CVE-2012-6708 | jQuery before 1.9.0 is vulnerable to Cross-site Scripting (XSS) attacks. The jQuery(strInput) function does not differentiate selectors from HTML in | 2019-10-03 |
About
-
Send Feedback to @ubuntu_updates
