Package "ruby2.7-doc"
Name: ruby2.7-doc
Description: Documentation for Ruby 2.7
Latest version: 2.7.0-5ubuntu1.14
Release: focal (20.04)
Level: security
Repository: main
Head package: ruby2.7
Homepage: https://www.ruby-lang.org/
Changelog
ruby2.7 (2.7.0-5ubuntu1.14) focal-security; urgency=medium
* SECURITY UPDATE: buffer over-read in StringIO
- debian/patches/CVE-2024-27280.patch: fix expanding size at
ungetc/ungetbyte in ext/stringio/stringio.c,
test/stringio/test_stringio.rb.
- CVE-2024-27280
-- Marc Deslauriers <email address hidden> Wed, 19 Jun 2024 10:33:00 -0400

CVE-2024-27280
A buffer-overread issue was discovered in StringIO 3.0.1, as distributed in Ruby 3.0.x through 3.0.6 and 3.1.x through 3.1.4. The ungetbyte and unget

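The 1.14 fix is to the size computation StringIO performs when ungetc/ungetbyte has to grow its buffer, that is, when more bytes are pushed back than have been consumed. As an added sanity check for a patched system (written for this page, not upstream's test suite nor Ubuntu's patch), the Ruby below drives both unget paths and verifies the one property that must hold on every path: the next read returns the pushed-back bytes followed by the unread tail. The function names and the sample strings are made up for the demonstration.

```ruby
require "stringio"

# Exercise one StringIO unget and report what happened.
#   - pushing back more bytes than have been consumed (pushback longer than
#     the current position) forces the buffer to grow: the "expanding size"
#     path the CVE-2024-27280 patch touches;
#   - pushing back fewer bytes just moves the position backwards and
#     overwrites bytes that were already read.
# Returns what a subsequent read sees, the backing string, and whether the
# buffer grew.
def unget_roundtrip(data, read_len, pushback)
  io = StringIO.new(data.dup)      # dup: ungetbyte mutates the backing string
  io.read(read_len)
  before = io.string.bytesize
  io.ungetbyte(pushback)
  {
    read:   io.read,
    string: io.string,
    grew:   io.string.bytesize > before,
  }
end

# Property a correct StringIO must satisfy on both paths: the next read is
# exactly the pushback followed by whatever had not been read yet.
def unget_invariant_holds?(data, read_len, pushback)
  unget_roundtrip(data, read_len, pushback)[:read] == pushback + data[read_len..-1]
end

# Sweep every read position over pushbacks shorter and longer than the
# consumed prefix. Returns the first failing [read_len, pushback] or nil.
def sweep_unget_invariant(data = "abcdefgh")
  (0..data.bytesize).each do |read_len|
    ["", "X", "XY", "XYZW", "0123456789"].each do |pushback|
      return [read_len, pushback] unless unget_invariant_holds?(data, read_len, pushback)
    end
  end
  nil
end

if $PROGRAM_NAME == __FILE__
  p unget_roundtrip("abcdef", 2, "XYZ")   # grows: 3 bytes pushed, 2 consumed
  p unget_roundtrip("abcdef", 4, "XY")    # rewinds: 2 bytes pushed, 4 consumed
  p sweep_unget_invariant
end
```

The sweep is deliberately cheap; its value is that it hits the buffer-growing path at every position, including position 0 and end of string, which is where size arithmetic errors in this kind of code tend to surface.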
ruby2.7 (2.7.0-5ubuntu1.13) focal-security; urgency=medium
* SECURITY UPDATE: code execution in RDoc
- debian/patches/CVE-2024-27281-pre1.patch: add Psych.safe_load_file to
ext/psych/lib/psych.rb, test/psych/test_exception.rb,
test/psych/test_psych.rb.
- debian/patches/CVE-2024-27281-1.patch: filter marshalled objects in
lib/rdoc/store.rb.
- debian/patches/CVE-2024-27281-2.patch: use safe_load and
safe_load_file for .rdoc_options in lib/rdoc/rdoc.rb,
test/rdoc/test_rdoc_options.rb.
- debian/patches/CVE-2024-27281-3.patch: fix NoMethodError for
start_with in lib/rdoc/store.rb.
- CVE-2024-27281
* SECURITY UPDATE: heap data extraction via regex
- debian/patches/CVE-2024-27282.patch: fix Use-After-Free issue for
Regexp in regexec.c.
- CVE-2024-27282
* debian/patches/update_test_certs.patch: update test certs in
test/net/fixtures/* to fix FTBFS.
-- Marc Deslauriers <email address hidden> Fri, 14 Jun 2024 08:11:45 -0400

CVE-2024-27281
An issue was discovered in RDoc 6.3.3 through 6.6.2, as distributed in Ruby 3.x through 3.3.0. When parsing .rdoc_options (used for configuration in
CVE-2024-27282
An issue was discovered in Ruby 3.x through 3.3.0. If attacker-supplied data is provided to the Ruby regex compiler, it is possible to extract arbitr

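The RDoc fix in 2.7.0-5ubuntu1.13 replaces the full YAML loader with Psych.safe_load / safe_load_file when reading .rdoc_options, because a YAML document read by the full loader can name arbitrary Ruby classes in its tags. As an added illustration of that difference (example code written for this page, not RDoc's or Ubuntu's), the Ruby below feeds two constructed .rdoc_options-style documents, one plain and one carrying a `!ruby/object:` tag, through both loaders. `Canary`, `BENIGN_OPTIONS` and `HOSTILE_OPTIONS` are made up for the demonstration, and `permitted_classes: [Symbol]` is an illustrative allowlist, not the exact list RDoc uses.

```ruby
require "psych"

# Constructed stand-in for any class an attacker can name in a YAML tag
# (demonstration class, not part of RDoc). Psych calls init_with on every
# object it revives from a !ruby/object tag, so this records that the
# loader built an object because the config file asked for one.
class Canary
  @@revived = 0

  def self.revived
    @@revived
  end

  def init_with(_coder)
    @@revived += 1
  end
end

# Constructed .rdoc_options-style document: plain keys and one Symbol value.
BENIGN_OPTIONS = <<~YAML
  ---
  title: My Library
  main_page: README.md
  markup: markdown
  visibility: :protected
YAML

# Constructed hostile document: the document tag asks the loader to build
# an arbitrary Ruby object instead of a Hash.
HOSTILE_OPTIONS = <<~YAML
  --- !ruby/object:Canary
  title: pwned
YAML

# Pre-fix behaviour: the full loader honours !ruby/object tags. Psych >= 3.3.2
# exposes it as unsafe_load; on older Psych (Ruby 2.7 ships 3.1) plain load
# is the unsafe one.
def load_options_unsafe(text)
  Psych.respond_to?(:unsafe_load) ? Psych.unsafe_load(text) : Psych.load(text)
end

# Post-fix behaviour: an allowlist of the types a config file needs (Symbol
# here, an illustrative choice). Any other tag raises Psych::DisallowedClass
# before an object is allocated; aliases are refused as well.
def load_options_safe(text)
  Psych.safe_load(text, permitted_classes: [Symbol], aliases: false)
end

# True when the safe loader refuses the hostile document.
def safe_loader_rejects_hostile?
  load_options_safe(HOSTILE_OPTIONS)
  false
rescue Psych::DisallowedClass
  true
end

# How many Canary objects one unsafe load of the hostile document constructs.
def objects_built_by_unsafe_load
  before = Canary.revived
  load_options_unsafe(HOSTILE_OPTIONS)
  Canary.revived - before
end

if $PROGRAM_NAME == __FILE__
  p load_options_safe(BENIGN_OPTIONS)
  p safe_loader_rejects_hostile?
  p objects_built_by_unsafe_load
end
```

The point to take from `objects_built_by_unsafe_load` is that the unsafe loader runs code from the loaded class (`init_with` here) before the application ever looks at the result, so "we validate the options after loading" is no defence; the allowlist in `load_options_safe` is what has to be right.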
ruby2.7 (2.7.0-5ubuntu1.12) focal-security; urgency=medium
* SECURITY UPDATE: ReDoS
- debian/patches/CVE-2023-36617.patch: changes regex behaviour
in lib/uri/rfc2396_parser.rb, lib/uri/rfc3986_parser.rb.
- CVE-2023-36617
-- Leonidas Da Silva Barbosa <email address hidden> Thu, 06 Jul 2023 07:57:08 -0300

CVE-2023-36617
A ReDoS issue was discovered in the URI component before 0.12.2 for Ruby. The URI parser mishandles invalid URLs that have specific characters. There

ruby2.7 (2.7.0-5ubuntu1.10) focal-security; urgency=medium
* SECURITY REGRESSION: URI.parse returning empty when it should return nil
- reverting/removing patches for CVE-2023-28755-*.patch that changed the
regex behaviour, causing URI.parse to return '' instead of the previous
behaviour nil, as some applications expected to use the latter as the
return value (LP: #2018547)
-- Leonidas Da Silva Barbosa <email address hidden> Fri, 05 May 2023 04:37:32 -0300

LP: #2018547: puppet can no longer find puppet:// resources after ruby2.7 CVE Update
CVE-2023-28755
A ReDoS issue was discovered in the URI component through 0.12.0 in Ruby through 3.2.1. The URI parser mishandles invalid URLs that have specific cha

ruby2.7 (2.7.0-5ubuntu1.9) focal-security; urgency=medium
* SECURITY UPDATE: ReDoS
- debian/patches/CVE-2023-28755-*.patch: URI.parse should set empty
string in host instead of nil in lib/uri/rfc3986_parser.rb, raise
ArgumentError with empty host url again in
lib/net/http/generic_request.rb.
- CVE-2023-28755
* SECURITY UPDATE: ReDoS
- debian/patches/CVE-2023-28756-*.patch: fix quadratic backtracking on
invalid time and make RFC2822 regexp linear in lib/time.rb.
- CVE-2023-28756
* debian/patches/fix_test_generic.patch: fix test generic.
-- Leonidas Da Silva Barbosa <email address hidden> Tue, 02 May 2023 05:34:05 -0300

CVE-2023-28755
A ReDoS issue was discovered in the URI component through 0.12.0 in Ruby through 3.2.1. The URI parser mishandles invalid URLs that have specific cha
CVE-2023-28756
A ReDoS issue was discovered in the Time component through 0.2.1 in Ruby through 3.2.1. The Time parser mishandles invalid URLs that have specific ch

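The 1.9 and 1.10 entries together show the practitioner's problem with the URI fix: the CVE-2023-28755 patch made URI.parse return "" rather than nil for the host of a URI with an empty authority (`scheme:///path`), puppet's `host.nil?` check stopped matching (LP: #2018547), and Ubuntu reverted. As an added example (not puppet's, Ruby's or Ubuntu's code), the Ruby below treats nil and "" as the same "no host" answer so a caller works on either parser, and adds an input-length cap in front of URI.parse as a cheap stopgap against ReDoS in a parser that is not yet patched, since backtracking cost grows with input length. `SAMPLES`, `MAX_URI_LENGTH` (2048 is an assumed, illustrative limit) and the function names are made up here; the puppet:// scheme is used only because that is what the regression report concerned.

```ruby
require "uri"

# Constructed sample resource URIs; parsing is independent of the scheme.
SAMPLES = {
  no_host:   "puppet:///modules/profile/files/app.conf",
  with_host: "puppet://master.example.org/modules/profile/files/app.conf",
  file:      "file:///etc/hosts",
}.freeze

# Stopgap for ReDoS in a parser you cannot patch yet: backtracking cost grows
# with input length, so refuse oversized input before the regex sees it.
# 2048 is an assumed, illustrative limit.
MAX_URI_LENGTH = 2048

def parse_bounded(uri_string, max_len: MAX_URI_LENGTH)
  if uri_string.bytesize > max_len
    raise ArgumentError, "URI too long (#{uri_string.bytesize} > #{max_len})"
  end
  URI.parse(uri_string)
end

# What URI#host returns for an empty authority ("scheme:///path") depends on
# the uri version installed: nil in most releases, "" with the first
# CVE-2023-28755 patch in 2.7.0-5ubuntu1.9 (the change that broke puppet,
# LP: #2018547), nil again after the 1.10 revert. URI::File normalises to ""
# on its own. Code that branches on host.nil? alone is therefore fragile.
def raw_host(uri_string)
  parse_bounded(uri_string).host
end

# Collapse nil and "" into one "no host" value so the caller sees the same
# answer whichever uri parser is installed.
def host_or_nil(uri_string)
  host = raw_host(uri_string)
  host.nil? || host.empty? ? nil : host
end

# Resolve the server for a resource: explicit host wins, otherwise a default.
def resolve_server(uri_string, default_server)
  host_or_nil(uri_string) || default_server
end

if $PROGRAM_NAME == __FILE__
  SAMPLES.each do |name, s|
    puts "#{name}: raw host=#{raw_host(s).inspect} -> server=#{resolve_server(s, 'puppet.default').inspect}"
  end
end
```

Running the block prints the raw host value your Ruby returns for each sample, which is the quickest way to see which side of the nil/"" change an installed uri gem is on before deploying code that depends on it.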