UbuntuUpdates.org

Package "ruby2.5"

Name: ruby2.5

Description:

Interpreter of object-oriented scripting language Ruby

Latest version: 2.5.1-1ubuntu1.10
Release: bionic (18.04)
Level: security
Repository: main
Homepage: http://www.ruby-lang.org/


Other versions of "ruby2.5" in Bionic

Repository Area Version
base main 2.5.1-1ubuntu1
updates main 2.5.1-1ubuntu1.10
PPA: Brightbox Ruby NG Experimental 2.5.8-1bbox1~bionic1


Changelog

Version: 2.5.1-1ubuntu1.2 2019-04-13 13:07:17 UTC

  ruby2.5 (2.5.1-1ubuntu1.2) bionic-security; urgency=medium

  * SECURITY UPDATE: Delete directory using symlink when decompressing tar,
    Escape sequence injection vulnerability in gem owner, Escape sequence
    injection vulnerability in API response handling, Arbitrary code exec,
    Escape sequence injection vulnerability in errors
    - debian/patches/CVE-2019-8320-25.patch: fix in
      lib/rubygems/command_manager.rb,
      lib/rubygems/commands/owner_command.rb,
      lib/rubygems/gemcutter_utilities.rb,
      lib/rubygems/installer.rb,
      lib/rubygems/package.rb,
      test/rubygems/test_gem_installer.rb,
      test/rubygems/test_gem_package.rb,
      test/rubygems/test_gem_text.rb.
    - CVE-2019-8320
    - CVE-2019-8321
    - CVE-2019-8322
    - CVE-2019-8323
    - CVE-2019-8324
    - CVE-2019-8325
  * Fixing expired SSL certs
    - debian/patches/fixing_expired_SSL_certs.patch: fix in
      test/net/fixtures/cacert.pem, test/net/fixtures/server.crt,
      test/net/fixtures/server.key.

 -- <email address hidden> (Leonidas S. Barbosa) Mon, 01 Apr 2019 11:13:08 -0300

CVE-2019-8320 RESERVED
CVE-2019-8321 Escape sequence injection vulnerability in verbose
CVE-2019-8322 Escape sequence injection vulnerability in gem owner
CVE-2019-8323 Escape sequence injection vulnerability in API response handling
CVE-2019-8324 Installing a malicious gem may lead to arbitrary code execution
CVE-2019-8325 Escape sequence injection vulnerability in errors

Version: 2.5.1-1ubuntu1.1 2018-11-05 20:07:01 UTC

  ruby2.5 (2.5.1-1ubuntu1.1) bionic-security; urgency=medium

  * SECURITY UPDATE: Name equality check
    - debian/patches/CVE-2018-16395.patch: fix in
      ext/openssl/ossl_x509name.c.
    - CVE-2018-16395
  * SECURITY UPDATE: Tainted flags not propagated
    - debian/patches/CVE-2018-16396.patch: fix in
      pack.c, test/ruby/test_pack.rb.
    - CVE-2018-16396
  * Fixing tz tests for asia_tokyo test
    - debian/patches/fixing_tz_asia_tokyo_test.patch

 -- <email address hidden> (Leonidas S. Barbosa) Wed, 31 Oct 2018 09:42:47 -0300

CVE-2018-16395 RESERVED
CVE-2018-16396 RESERVED


