UbuntuUpdates.org

Package "ruby2.1-doc"

This package belongs to a PPA: Brightbox Ruby NG Experimental

Name: ruby2.1-doc

Description:

Documentation for Ruby 2.1

Latest version: 2.1.9-3bbox1~trusty1
Release: trusty (14.04)
Level: base
Repository: main
Head package: ruby2.1

Links


Download "ruby2.1-doc"


Other versions of "ruby2.1-doc" in Trusty

No other version of this package is available in the Trusty release.

Changelog

Version: 2.1.9-3bbox1~trusty1 2018-04-09 19:08:17 UTC

 ruby2.1 (2.1.9-3bbox1~trusty1) trusty; urgency=medium
 .
   * Backported CVE-2017-17742: HTTP response splitting in
     WEBrick
   * Backported CVE-2018-6914: Unintentional file and directory
     creation with directory traversal in tempfile and tmpdir
   * Backported CVE-2018-8778: Buffer under-read in String#unpack
   * Backported CVE-2018-8779: Unintentional socket creation by poisoned
     NUL byte in UNIXServer and UNIXSocket
   * Backported CVE-2018-8780: Unintentional directory traversal by
     poisoned NUL byte in Dir

Source diff to previous version
CVE-2017-17742 Ruby before 2.2.10, 2.3.x before 2.3.7, 2.4.x before 2.4.4, 2.5.x before 2.5.1, and 2.6.0-preview1 allows an HTTP Response Splitting attack. An attac
CVE-2018-6914 Directory traversal vulnerability in the Dir.mktmpdir method in the tmpdir library in Ruby before 2.2.10, 2.3.x before 2.3.7, 2.4.x before 2.4.4, 2.5
CVE-2018-8778 In Ruby before 2.2.10, 2.3.x before 2.3.7, 2.4.x before 2.4.4, 2.5.x before 2.5.1, and 2.6.0-preview1, an attacker controlling the unpacking format (
CVE-2018-8779 In Ruby before 2.2.10, 2.3.x before 2.3.7, 2.4.x before 2.4.4, 2.5.x before 2.5.1, and 2.6.0-preview1, the UNIXServer.open and UNIXSocket.open method
CVE-2018-8780 In Ruby before 2.2.10, 2.3.x before 2.3.7, 2.4.x before 2.4.4, 2.5.x before 2.5.1, and 2.6.0-preview1, the Dir.open, Dir.new, Dir.entries and Dir.emp

Version: 2.1.9-2bbox1~trusty1 2018-01-15 20:08:18 UTC

 ruby2.1 (2.1.9-2bbox1~trusty1) trusty; urgency=medium
 .
   * Backported fixes for CVE-2017-17405 Net::FTP
   * Backported Unsafe Object Deserialization Vulnerability in RubyGems

Source diff to previous version
CVE-2017-17405 Ruby before 2.4.3 allows Net::FTP command injection. Net::FTP#get, getbinaryfile, gettextfile, put, putbinaryfile, and puttextfile use Kernel#open to

Version: 2.1.9-1bbox2~trusty1 2017-09-20 17:08:42 UTC

 ruby2.1 (2.1.9-1bbox2~trusty1) trusty; urgency=medium
 .
   * Backported fixes for CVE-2017-0898, CVE-2017-10784, CVE-2017-14033, CVE-2017-14064
   * Updated rubygems to 2.4.5.3 to fix CVE-2017-0902, CVE-2017-0899,
     CVE-2017-0900 and CVE-2017-0901

Source diff to previous version

Version: 2.1.9-1bbox1~trusty1 2016-06-26 12:07:51 UTC

 ruby2.1 (2.1.9-1bbox1~trusty1) trusty; urgency=medium
 .
   * New upstream release

Source diff to previous version

Version: 2.1.8-1bbox1~trusty1 2015-12-27 23:08:16 UTC

 ruby2.1 (2.1.8-1bbox1~trusty1) trusty; urgency=medium
 .
   * New upstream release
   * Fixes CVE-2015-7551




About   -   Send Feedback to @ubuntu_updates