UbuntuUpdates.org

Package "ruby2.0"

This package belongs to a PPA: Brightbox Ruby NG Experimental

Name: ruby2.0

Description:

Interpreter of object-oriented scripting language Ruby

Latest version: 2.0.0.648-654bbox1~trusty1
Release: trusty (14.04)
Level: base
Repository: main

Links


Download "ruby2.0"


Other versions of "ruby2.0" in Trusty

Repository Area Version
base main 2.0.0.484-1ubuntu2
base universe 2.0.0.484-1ubuntu2
security main 2.0.0.484-1ubuntu2.13
security universe 2.0.0.484-1ubuntu2.13
updates main 2.0.0.484-1ubuntu2.13
updates universe 2.0.0.484-1ubuntu2.13

Packages in group

Deleted packages are displayed in grey.


Changelog

Version: 2.0.0.648-654bbox1~trusty1 2018-04-10 17:08:18 UTC

 ruby2.0 (2.0.0.648-654bbox1~trusty1) trusty; urgency=medium
 .
   * Backported CVE-2017-17742: HTTP response splitting in
     WEBrick
   * Backported CVE-2018-6914: Unintentional file and directory
     creation with directory traversal in tempfile and tmpdir
   * Backported CVE-2018-8778: Buffer under-read in String#unpack
   * Backported CVE-2018-8779: Unintentional socket creation by poisoned
     NUL byte in UNIXServer and UNIXSocket
   * Backported CVE-2018-8780: Unintentional directory traversal by
     poisoned NUL byte in Dir

Source diff to previous version
CVE-2017-17742 Ruby before 2.2.10, 2.3.x before 2.3.7, 2.4.x before 2.4.4, 2.5.x before 2.5.1, and 2.6.0-preview1 allows an HTTP Response Splitting attack. An attac
CVE-2018-6914 Directory traversal vulnerability in the Dir.mktmpdir method in the tmpdir library in Ruby before 2.2.10, 2.3.x before 2.3.7, 2.4.x before 2.4.4, 2.5
CVE-2018-8778 In Ruby before 2.2.10, 2.3.x before 2.3.7, 2.4.x before 2.4.4, 2.5.x before 2.5.1, and 2.6.0-preview1, an attacker controlling the unpacking format (
CVE-2018-8779 In Ruby before 2.2.10, 2.3.x before 2.3.7, 2.4.x before 2.4.4, 2.5.x before 2.5.1, and 2.6.0-preview1, the UNIXServer.open and UNIXSocket.open method
CVE-2018-8780 In Ruby before 2.2.10, 2.3.x before 2.3.7, 2.4.x before 2.4.4, 2.5.x before 2.5.1, and 2.6.0-preview1, the Dir.open, Dir.new, Dir.entries and Dir.emp

Version: 2.0.0.648-653bbox1~trusty1 2018-01-15 20:08:18 UTC

 ruby2.0 (2.0.0.648-653bbox1~trusty1) trusty; urgency=medium
 .
   * Backported fixes for CVE-2017-17405 Net::FTP
   * Backported Unsafe Object Deserialization Vulnerability in RubyGems

Source diff to previous version
CVE-2017-17405 Ruby before 2.4.3 allows Net::FTP command injection. Net::FTP#get, getbinaryfile, gettextfile, put, putbinaryfile, and puttextfile use Kernel#open to

Version: 2.0.0.648-652bbox2~trusty1 2017-09-22 21:08:57 UTC

 ruby2.0 (2.0.0.648-652bbox2~trusty1) trusty; urgency=medium
 .
   * Backported fixes for CVE-2017-0898, CVE-2017-10784, CVE-2017-14033, CVE-2017-14064
   * Backported rubygems fixes for CVE-2017-0902, CVE-2017-0899,
     CVE-2017-0900 and CVE-2017-0901

Source diff to previous version

Version: 2.0.0.648-1bbox1~trusty1 2015-12-28 00:08:06 UTC

 ruby2.0 (2.0.0.648-1bbox1~trusty1) trusty; urgency=medium
 .
   * New upstream release
   * Fixes CVE-2015-7551

Source diff to previous version

Version: 2.0.0.647-1bbox1~trusty1 2015-09-01 18:09:47 UTC

 ruby2.0 (2.0.0.647-1bbox1~trusty1) trusty; urgency=medium
 .
   * New upstream release
   * Fixes CVE-2015-3900

CVE-2015-3900 RubyGems 2.0.x before 2.0.16, 2.2.x before 2.2.4, and 2.4.x before 2.4.7 does not validate the hostname when fetching gems or making API request, whi



About   -   Send Feedback to @ubuntu_updates