UbuntuUpdates.org

Package "ruby2.5"

This package belongs to a PPA: Brightbox Ruby NG Experimental

Name: ruby2.5

Description:

Interpreter of object-oriented scripting language Ruby
Latest version: 2.5.8-1bbox1~xenial1
Release: xenial (16.04)
Level: base
Repository: main

Links

All versions of this package
Bug fixes

Repository home page

Download "ruby2.5"

32-bit deb package
64-bit deb package
APT INSTALL

Other versions of "ruby2.5" in Xenial

No other version of this package is available in the Xenial release.

Packages in group

Deleted packages are displayed in grey.


Changelog

Version: 2.5.8-1bbox1~xenial1 2020-07-01 18:08:31 UTC

 ruby2.5 (2.5.8-1bbox1~xenial1) xenial; urgency=medium
 .
   * New upstream release 2.5.8
   * Fixes CVE-2020-10663 and CVE-2020-10933

Source diff to previous version
CVE-2020-10663 The JSON gem through 2.2.0 for Ruby, as used in Ruby 2.4 through 2.4.9, 2.5 through 2.5.7, and 2.6 through 2.6.5, has an Unsafe Object Creation Vulne
CVE-2020-10933 An issue was discovered in Ruby 2.5.x through 2.5.7, 2.6.x through 2.6.5, and 2.7.0. If a victim calls BasicSocket#read_nonblock(requested_size, buff

Version: 2.5.7-1bbox3~xenial1 2019-10-08 18:09:11 UTC

 ruby2.5 (2.5.7-1bbox3~xenial1) xenial; urgency=medium
 .
   * New upstream release 2.5.7
   * Exclude client_cert_auth test that fails under openssl 1.1.1
   * Fixes CVE-2019-16255, CVE-2019-16254, CVE-2019-15845, CVE-2019-16201,
     CVE-2012-6708, CVE-2015-9251

Source diff to previous version
CVE-2019-16255 RESERVED
CVE-2019-16254 RESERVED
CVE-2019-15845 RESERVED
CVE-2019-16201 RESERVED
CVE-2012-6708 jQuery before 1.9.0 is vulnerable to Cross-site Scripting (XSS) attacks. The jQuery(strInput) function does not differentiate selectors from HTML in
CVE-2015-9251 jQuery before 3.0.0 is vulnerable to Cross-site Scripting (XSS) attacks when a cross-domain Ajax request is performed without the dataType option, ca

Version: 2.5.7-1bbox2~xenial1 2019-10-04 17:08:28 UTC

 ruby2.5 (2.5.7-1bbox2~xenial1) xenial; urgency=medium
 .
   * New upstream release 2.5.7
   * Fixes CVE-2019-16255, CVE-2019-16254, CVE-2019-15845, CVE-2019-16201,
     CVE-2012-6708, CVE-2015-9251

Source diff to previous version
CVE-2019-16255 RESERVED
CVE-2019-16254 RESERVED
CVE-2019-15845 RESERVED
CVE-2019-16201 RESERVED
CVE-2012-6708 jQuery before 1.9.0 is vulnerable to Cross-site Scripting (XSS) attacks. The jQuery(strInput) function does not differentiate selectors from HTML in
CVE-2015-9251 jQuery before 3.0.0 is vulnerable to Cross-site Scripting (XSS) attacks when a cross-domain Ajax request is performed without the dataType option, ca

Version: 2.5.7-1bbox1~xenial1 2019-10-03 18:08:37 UTC

 ruby2.5 (2.5.7-1bbox1~xenial1) xenial; urgency=medium
 .
   * New upstream release 2.5.7
   * Fixes CVE-2019-16255, CVE-2019-16254, CVE-2019-15845, CVE-2019-16201,
     CVE-2012-6708, CVE-2015-9251

Source diff to previous version
CVE-2019-16255 RESERVED
CVE-2019-16254 RESERVED
CVE-2019-15845 RESERVED
CVE-2019-16201 RESERVED
CVE-2012-6708 jQuery before 1.9.0 is vulnerable to Cross-site Scripting (XSS) attacks. The jQuery(strInput) function does not differentiate selectors from HTML in
CVE-2015-9251 jQuery before 3.0.0 is vulnerable to Cross-site Scripting (XSS) attacks when a cross-domain Ajax request is performed without the dataType option, ca

Version: 2.5.5-1bbox1~xenial1 2019-03-15 13:07:53 UTC

 ruby2.5 (2.5.5-1bbox1~xenial1) xenial; urgency=medium
 .
   * New upstream release 2.5.5
   * Fixes CVE-2019-8320 through 8325 with Rubygems update.

CVE-2019-8320 RESERVED


About   -   Send Feedback to @ubuntu_updates