Package "ruby2.7"
Name: ruby2.7
Description: Interpreter of object-oriented scripting language Ruby
Latest version: 2.7.0-5ubuntu1.18
Release: focal (20.04)
Level: updates
Repository: main
Homepage: https://www.ruby-lang.org/
Changelog
ruby2.7 (2.7.0-5ubuntu1.18) focal-security; urgency=medium

  * SECURITY UPDATE: DoS in CGI Gem
    - debian/patches/CVE-2025-27219.patch: use String#concat instead of
      String#+ for reducing CPU usage in lib/cgi/cookie.rb.
    - CVE-2025-27219
  * SECURITY UPDATE: ReDoS in CGI Gem
    - debian/patches/CVE-2025-27220.patch: escape/unescape unclosed tags as
      well in lib/cgi/util.rb, test/cgi/test_cgi_util.rb.
    - CVE-2025-27220
  * SECURITY UPDATE: credential leak in URI gem
    - debian/patches/CVE-2025-27221-1.patch: truncate userinfo in
      lib/uri/generic.rb, test/uri/test_generic.rb.
    - debian/patches/CVE-2025-27221-2.patch: fix merger of URI with
      authority component in lib/uri/generic.rb, test/uri/test_generic.rb.
    - CVE-2025-27221

 -- Marc Deslauriers <email address hidden>  Tue, 04 Mar 2025 14:52:55 -0500
CVE-2025-27219: In the CGI gem before 0.4.2 for Ruby, the CGI::Cookie.parse method in the CGI library contains a potential Denial of Service (DoS) vulnerability. The
CVE-2025-27220: In the CGI gem before 0.4.2 for Ruby, a Regular Expression Denial of Service (ReDoS) vulnerability exists in the Util#escapeElement method.
CVE-2025-27221: In the URI gem before 1.0.3 for Ruby, the URI handling methods (URI.join, URI#merge, URI#+) have an inadvertent leakage of authentication credentials
ruby2.7 (2.7.0-5ubuntu1.17) focal-security; urgency=medium

  * SECURITY REGRESSION: fix xml namespace issue (LP: #2097527)
    - d/p/fix-lp2097527.patch: Fix handling with "xml:" prefixed namespace

 -- Nishit Majithia <email address hidden>  Mon, 10 Feb 2025 09:36:18 +0530
LP: #2097527: ruby2.7 2.7.0-5ubuntu1.16 regression: REXML parse error with \
ruby2.7 (2.7.0-5ubuntu1.16) focal-security; urgency=medium

  * SECURITY UPDATE: denial of service in REXML
    - debian/patches/CVE-2024-43398*: improve namespace conflicted
      attribute check performance
    - CVE-2024-43398
  * Update CVE-2024-39908 patches as d/p/CVE-2024-39908-*.patch
  * Refactor patches for CVE-2024-35176 and CVE-2024-41123

 -- Nishit Majithia <email address hidden>  Tue, 04 Feb 2025 10:33:59 +0530
CVE-2024-43398: REXML is an XML toolkit for Ruby. The REXML gem before 3.3.6 has a DoS vulnerability when it parses an XML that has many deep elements that have same
CVE-2024-39908: REXML is an XML toolkit for Ruby. The REXML gem before 3.3.1 has some DoS vulnerabilities when it parses an XML that has many specific characters suc
CVE-2024-35176: REXML is an XML toolkit for Ruby. The REXML gem before 3.2.6 has a denial of service vulnerability when it parses an XML that has many `<`s in an att
CVE-2024-41123: REXML is an XML toolkit for Ruby. The REXML gem before 3.3.2 has some DoS vulnerabilities when it parses an XML that has many specific characters suc
ruby2.7 (2.7.0-5ubuntu1.15) focal-security; urgency=medium

  * SECURITY UPDATE: denial of service in REXML
    - debian/patches/CVE-2024-35176_39908_41123-*.patch: Read quoted
      attributes in chunks
    - debian/patches/CVE-2024-41946.patch: Add support for XML entity
      expansion limitation in SAX and pull parsers
    - debian/patches/CVE-2024-49761.patch: fix a bug that &#x...; is
      accepted as a character reference
    - CVE-2024-35176
    - CVE-2024-39908
    - CVE-2024-41123
    - CVE-2024-41946
    - CVE-2024-49761
  * d/control and d/rules: use gcc-10 for build on riscv64 arch

 -- Nishit Majithia <email address hidden>  Wed, 30 Oct 2024 17:55:52 +0530
CVE-2024-41946: REXML is an XML toolkit for Ruby. The REXML gem 3.3.2 has a DoS vulnerability when it parses an XML that has many entity expansions with SAX2 or pull
CVE-2024-49761: REXML is an XML toolkit for Ruby. The REXML gem before 3.3.9 has a ReDoS vulnerability when it parses an XML that has many digits between &# and x...
ruby2.7 (2.7.0-5ubuntu1.14) focal-security; urgency=medium

  * SECURITY UPDATE: buffer over-read in StringIO
    - debian/patches/CVE-2024-27280.patch: fix expanding size at
      ungetc/ungetbyte in ext/stringio/stringio.c,
      test/stringio/test_stringio.rb.
    - CVE-2024-27280

 -- Marc Deslauriers <email address hidden>  Wed, 19 Jun 2024 10:33:00 -0400
CVE-2024-27280: A buffer-overread issue was discovered in StringIO 3.0.1, as distributed in Ruby 3.0.x through 3.0.6 and 3.1.x through 3.1.4. The ungetbyte and unget