UbuntuUpdates.org

Package "libruby1.9.1"

This package belongs to a PPA: Brightbox Ruby NG Experimental

Name: libruby1.9.1

Description:

Libraries necessary to run Ruby 1.9.1

Latest version: 1:1.9.3.551-557bbox8~xenial1
Release: xenial (16.04)
Level: base
Repository: main
Head package: ruby1.9.1

Links

Save this URL for the latest version of "libruby1.9.1": https://www.ubuntuupdates.org/libruby1.9.1


Download "libruby1.9.1"


Other versions of "libruby1.9.1" in Xenial

No other version of this package is available in the Xenial release.

Changelog

Version: 1:1.9.3.551-557bbox8~xenial1 2018-04-18 17:08:22 UTC

 ruby1.9.1 (1:1.9.3.551-557bbox8~xenial1) xenial; urgency=medium
 .
   * Backported CVE-2017-17742: HTTP response splitting in
     WEBrick
   * Backported CVE-2018-6914: Unintentional file and directory
     creation with directory traversal in tempfile and tmpdir
   * Backported CVE-2018-8778: Buffer under-read in String#unpack
   * Backported CVE-2018-8779: Unintentional socket creation by poisoned
     NUL byte in UNIXServer and UNIXSocket
   * Backported CVE-2018-8780: Unintentional directory traversal by
     poisoned NUL byte in Dir
   * Fix a bunch of tests that were mostly failing due to launchpad build
     environent issues
   * Update timetzone tests for new timezone data
   * Use correct compiler on Ubuntu Artful and up (gcc5).

Source diff to previous version
CVE-2017-17742 Ruby before 2.2.10, 2.3.x before 2.3.7, 2.4.x before 2.4.4, 2.5.x before 2.5.1, and 2.6.0-preview1 allows an HTTP Response Splitting attack. An attac
CVE-2018-6914 Directory traversal vulnerability in the Dir.mktmpdir method in the tmpdir library in Ruby before 2.2.10, 2.3.x before 2.3.7, 2.4.x before 2.4.4, 2.5
CVE-2018-8778 In Ruby before 2.2.10, 2.3.x before 2.3.7, 2.4.x before 2.4.4, 2.5.x before 2.5.1, and 2.6.0-preview1, an attacker controlling the unpacking format (
CVE-2018-8779 In Ruby before 2.2.10, 2.3.x before 2.3.7, 2.4.x before 2.4.4, 2.5.x before 2.5.1, and 2.6.0-preview1, the UNIXServer.open and UNIXSocket.open method
CVE-2018-8780 In Ruby before 2.2.10, 2.3.x before 2.3.7, 2.4.x before 2.4.4, 2.5.x before 2.5.1, and 2.6.0-preview1, the Dir.open, Dir.new, Dir.entries and Dir.emp

Version: 1:1.9.3.551-557bbox7~xenial2 2018-04-17 17:08:10 UTC

 ruby1.9.1 (1:1.9.3.551-557bbox7~xenial2) xenial; urgency=medium
 .
   * Backported CVE-2017-17742: HTTP response splitting in
     WEBrick
   * Backported CVE-2018-6914: Unintentional file and directory
     creation with directory traversal in tempfile and tmpdir
   * Backported CVE-2018-8778: Buffer under-read in String#unpack
   * Backported CVE-2018-8779: Unintentional socket creation by poisoned
     NUL byte in UNIXServer and UNIXSocket
   * Backported CVE-2018-8780: Unintentional directory traversal by
     poisoned NUL byte in Dir
   * Fix a bunch of tests that were mostly failing due to launchpad build
     environent issues
   * Use correct compiler on Ubuntu Artful and up (gcc5).
   * Build no longer depends on ruby

Source diff to previous version
CVE-2017-17742 Ruby before 2.2.10, 2.3.x before 2.3.7, 2.4.x before 2.4.4, 2.5.x before 2.5.1, and 2.6.0-preview1 allows an HTTP Response Splitting attack. An attac
CVE-2018-6914 Directory traversal vulnerability in the Dir.mktmpdir method in the tmpdir library in Ruby before 2.2.10, 2.3.x before 2.3.7, 2.4.x before 2.4.4, 2.5
CVE-2018-8778 In Ruby before 2.2.10, 2.3.x before 2.3.7, 2.4.x before 2.4.4, 2.5.x before 2.5.1, and 2.6.0-preview1, an attacker controlling the unpacking format (
CVE-2018-8779 In Ruby before 2.2.10, 2.3.x before 2.3.7, 2.4.x before 2.4.4, 2.5.x before 2.5.1, and 2.6.0-preview1, the UNIXServer.open and UNIXSocket.open method
CVE-2018-8780 In Ruby before 2.2.10, 2.3.x before 2.3.7, 2.4.x before 2.4.4, 2.5.x before 2.5.1, and 2.6.0-preview1, the Dir.open, Dir.new, Dir.entries and Dir.emp

Version: 1:1.9.3.551-557bbox7~xenial1 2018-04-17 15:08:56 UTC

 ruby1.9.1 (1:1.9.3.551-557bbox7~xenial1) xenial; urgency=medium
 .
   * Backported CVE-2017-17742: HTTP response splitting in
     WEBrick
   * Backported CVE-2018-6914: Unintentional file and directory
     creation with directory traversal in tempfile and tmpdir
   * Backported CVE-2018-8778: Buffer under-read in String#unpack
   * Backported CVE-2018-8779: Unintentional socket creation by poisoned
     NUL byte in UNIXServer and UNIXSocket
   * Backported CVE-2018-8780: Unintentional directory traversal by
     poisoned NUL byte in Dir
   * Fix a bunch of tests that were mostly failing due to launchpad build
     environent issues
   * Use correct compiler on Ubuntu Artful and up (gcc5).
   * Build doesn't depend on ruby, fixes Bionic builds.

Source diff to previous version
CVE-2017-17742 Ruby before 2.2.10, 2.3.x before 2.3.7, 2.4.x before 2.4.4, 2.5.x before 2.5.1, and 2.6.0-preview1 allows an HTTP Response Splitting attack. An attac
CVE-2018-6914 Directory traversal vulnerability in the Dir.mktmpdir method in the tmpdir library in Ruby before 2.2.10, 2.3.x before 2.3.7, 2.4.x before 2.4.4, 2.5
CVE-2018-8778 In Ruby before 2.2.10, 2.3.x before 2.3.7, 2.4.x before 2.4.4, 2.5.x before 2.5.1, and 2.6.0-preview1, an attacker controlling the unpacking format (
CVE-2018-8779 In Ruby before 2.2.10, 2.3.x before 2.3.7, 2.4.x before 2.4.4, 2.5.x before 2.5.1, and 2.6.0-preview1, the UNIXServer.open and UNIXSocket.open method
CVE-2018-8780 In Ruby before 2.2.10, 2.3.x before 2.3.7, 2.4.x before 2.4.4, 2.5.x before 2.5.1, and 2.6.0-preview1, the Dir.open, Dir.new, Dir.entries and Dir.emp

Version: 1:1.9.3.551-556bbox1~xenial2 2018-01-17 14:08:21 UTC

 ruby1.9.1 (1:1.9.3.551-556bbox1~xenial2) xenial; urgency=medium
 .
   * Backported fixes for CVE-2017-17405 Net::FTP
   * Backported Unsafe Object Deserialization Vulnerability in RubyGems

Source diff to previous version
CVE-2017-17405 Ruby before 2.4.3 allows Net::FTP command injection. Net::FTP#get, getbinaryfile, gettextfile, put, putbinaryfile, and puttextfile use Kernel#open to

Version: 1:1.9.3.551-555bbox2~xenial1 2017-09-26 20:07:47 UTC

 ruby1.9.1 (1:1.9.3.551-555bbox2~xenial1) xenial; urgency=medium
 .
   * Backported fixes for CVE-2017-0898, CVE-2017-10784, CVE-2017-14033, CVE-2017-14064
   * Backported rubygems fixes for CVE-2017-0899, CVE-2017-0900 and
     CVE-2017-0901




About   -   Send Feedback to @ubuntu_updates