UbuntuUpdates.org

Package "ruby2.5-doc"

Name: ruby2.5-doc

Description:

Documentation for Ruby 2.5

Latest version: 2.5.1-1ubuntu1.6
Release: bionic (18.04)
Level: security
Repository: main
Head package: ruby2.5
Homepage: http://www.ruby-lang.org/

Links

Save this URL for the latest version of "ruby2.5-doc": https://www.ubuntuupdates.org/ruby2.5-doc


Download "ruby2.5-doc"


Other versions of "ruby2.5-doc" in Bionic

Repository Area Version
base main 2.5.1-1ubuntu1
updates main 2.5.1-1ubuntu1.6
PPA: Brightbox Ruby NG Experimental 2.5.7-1bbox3~bionic1

Changelog

Version: 2.5.1-1ubuntu1.6 2019-11-26 17:06:37 UTC

  ruby2.5 (2.5.1-1ubuntu1.6) bionic-security; urgency=medium

  * SECURITY UPDATE: NULL injection vulnerability
    - debian/patches/CVE-2019-15845.patch: ensure that
      pattern does not contain a NULL character in dir.c,
      test/ruby/test_fnmatch.rb.
    - CVE-2019-15845
  * SECURITY UPDATE: Denial of service vulnerability
    - debian/patches/CVE-2019-16201.patch: fix in
      lib/webrick/httpauth/digestauth.rb,
      test/webrick/test_httpauth.rb.
    - CVE-2019-16201.patch
  * SECURITY UPDATE: HTTP response splitting in WEBrick
    - debian/patches/CVE-2019-16254.patch: prevent response
      splitting and header injection in lib/webrick/httpresponse.rb,
      test/webrick/test_httpresponse.rb.
    - CVE-2019-16254
  * SECURITY UPDATE: Code injection
    - debian/patches/CVE-2019-16255.patch: prevent unknown command
      in lib/shell/command-processor.rb, test/shell/test_command_processor.rb.
    - CVE-2019-16255

 -- <email address hidden> (Leonidas S. Barbosa) Tue, 26 Nov 2019 09:32:04 -0300

Source diff to previous version
CVE-2019-15845 RESERVED
CVE-2019-16201 RESERVED
CVE-2019-16254 RESERVED
CVE-2019-16255 RESERVED

Version: 2.5.1-1ubuntu1.5 2019-08-20 13:07:09 UTC

  ruby2.5 (2.5.1-1ubuntu1.5) bionic; urgency=medium

  * Add d/p/restore_buffer_newline_check.patch to fix failure sending
    files with mixed newline encoding styles; this regression was
    introduced by 0009-openssl-sync-with-upstream-repository.patch.
    (LP: #1835968)

 -- Bryce Harrington <email address hidden> Thu, 25 Jul 2019 16:06:31 -0700

Source diff to previous version
1835968 Regression in backported patch for openssl 1.1

Version: 2.5.1-1ubuntu1.2 2019-04-13 13:07:17 UTC

  ruby2.5 (2.5.1-1ubuntu1.2) bionic-security; urgency=medium

  * SECURITY UPDATE: Delete directory using symlink when decompressing tar,
    Escape sequence injection vulnerability in gem owner, Escape sequence
    injection vulnerability in API response handling, Arbitrary code exec,
    Escape sequence injection vulnerability in errors
    - debian/patches/CVE-2019-8320-25.patch: fix in
      lib/rubygems/command_manager.rb,
      lib/rubygems/commands/owner_command.rb,
      lib/rubygems/gemcutter_utilities.rb,
      lib/rubygems/installer.rb,
      lib/rubygems/package.rb,
      test/rubygems/test_gem_installer.rb,
      test/rubygems/test_gem_package.rb,
      test/rubygems/test_gem_text.rb.
    - CVE-2019-8320
    - CVE-2019-8321
    - CVE-2019-8322
    - CVE-2019-8323
    - CVE-2019-8324
    - CVE-2019-8325
  * Fixing expired SSL certs
    - debian/patches/fixing_expired_SSL_certs.patch: fix in
      test/net/fixtures/cacert.pem, test/net/fixtures/server.crt,
      test/net/fixtures/server.key.

 -- <email address hidden> (Leonidas S. Barbosa) Mon, 01 Apr 2019 11:13:08 -0300

Source diff to previous version
CVE-2019-8320 RESERVED
CVE-2019-8321 Escape sequence injection vulnerability in verbose
CVE-2019-8322 Escape sequence injection vulnerability in gem owner
CVE-2019-8323 Escape sequence injection vulnerability in API response handling
CVE-2019-8324 Installing a malicious gem may lead to arbitrary code execution
CVE-2019-8325 Escape sequence injection vulnerability in errors

Version: 2.5.1-1ubuntu1.1 2018-11-05 20:07:01 UTC

  ruby2.5 (2.5.1-1ubuntu1.1) bionic-security; urgency=medium

  * SECURITY UPDATE: Name equality check
    - debian/patches/CVE-2018-16395.patch: fix in
      ext/openssl/ossl_x509name.c.
    - CVE-2018-16395
  * SECURITY UPDATE: Tainted flags not propagted
    - debian/patches/CVE-2018-16396.patch: fix in
      pack.c, test/ruby/test_pack.rb.
    - CVE-2018-16396
  * Fixing tz tests for asia_tokyo test
    - debian/patches/fixing_tz_asia_tokyo_test.patch

 -- <email address hidden> (Leonidas S. Barbosa) Wed, 31 Oct 2018 09:42:47 -0300

CVE-2018-16395 RESERVED
CVE-2018-16396 RESERVED



About   -   Send Feedback to @ubuntu_updates