UbuntuUpdates.org

Package "ruby2.1"

This package belongs to a PPA: Brightbox Ruby NG Experimental

Name: ruby2.1

Description:

Interpreter of object-oriented scripting language Ruby

Latest version: 2.1.9-3bbox1~xenial1
Release: xenial (16.04)
Level: base
Repository: main

Links

Save this URL for the latest version of "ruby2.1": https://www.ubuntuupdates.org/ruby2.1


Download "ruby2.1"


Other versions of "ruby2.1" in Xenial

No other version of this package is available in the Xenial release.

Packages in group

Deleted packages are displayed in grey.


Changelog

Version: 2.1.9-3bbox1~xenial1 2018-04-09 18:08:35 UTC

 ruby2.1 (2.1.9-3bbox1~xenial1) xenial; urgency=medium
 .
   * Backported CVE-2017-17742: HTTP response splitting in
     WEBrick
   * Backported CVE-2018-6914: Unintentional file and directory
     creation with directory traversal in tempfile and tmpdir
   * Backported CVE-2018-8778: Buffer under-read in String#unpack
   * Backported CVE-2018-8779: Unintentional socket creation by poisoned
     NUL byte in UNIXServer and UNIXSocket
   * Backported CVE-2018-8780: Unintentional directory traversal by
     poisoned NUL byte in Dir

Source diff to previous version
CVE-2017-17742 Ruby before 2.2.10, 2.3.x before 2.3.7, 2.4.x before 2.4.4, 2.5.x before 2.5.1, and 2.6.0-preview1 allows an HTTP Response Splitting attack. An attac
CVE-2018-6914 Directory traversal vulnerability in the Dir.mktmpdir method in the tmpdir library in Ruby before 2.2.10, 2.3.x before 2.3.7, 2.4.x before 2.4.4, 2.5
CVE-2018-8778 In Ruby before 2.2.10, 2.3.x before 2.3.7, 2.4.x before 2.4.4, 2.5.x before 2.5.1, and 2.6.0-preview1, an attacker controlling the unpacking format (
CVE-2018-8779 In Ruby before 2.2.10, 2.3.x before 2.3.7, 2.4.x before 2.4.4, 2.5.x before 2.5.1, and 2.6.0-preview1, the UNIXServer.open and UNIXSocket.open method
CVE-2018-8780 In Ruby before 2.2.10, 2.3.x before 2.3.7, 2.4.x before 2.4.4, 2.5.x before 2.5.1, and 2.6.0-preview1, the Dir.open, Dir.new, Dir.entries and Dir.emp

Version: 2.1.9-2bbox1~xenial1 2018-01-15 19:08:02 UTC

 ruby2.1 (2.1.9-2bbox1~xenial1) xenial; urgency=medium
 .
   * Backported fixes for CVE-2017-17405 Net::FTP
   * Backported Unsafe Object Deserialization Vulnerability in RubyGems

Source diff to previous version
CVE-2017-17405 Ruby before 2.4.3 allows Net::FTP command injection. Net::FTP#get, getbinaryfile, gettextfile, put, putbinaryfile, and puttextfile use Kernel#open to

Version: 2.1.9-1bbox2~xenial1 2017-09-20 16:08:45 UTC

 ruby2.1 (2.1.9-1bbox2~xenial1) xenial; urgency=medium
 .
   * Backported fixes for CVE-2017-0898, CVE-2017-10784, CVE-2017-14033, CVE-2017-14064
   * Updated rubygems to 2.4.5.3 to fix CVE-2017-0902, CVE-2017-0899,
     CVE-2017-0900 and CVE-2017-0901

Source diff to previous version

Version: 2.1.9-1bbox1~xenial1 2016-06-27 06:55:55 UTC

 ruby2.1 (2.1.9-1bbox1~xenial1) xenial; urgency=medium
 .
   * New upstream release




About   -   Send Feedback to @ubuntu_updates