Package "ruby3.0"
Name: ruby3.0
Description: Interpreter of object-oriented scripting language Ruby
Latest version: 3.0.2-7ubuntu2.4
Release: jammy (22.04)
Level: security
Repository: main
Homepage: https://www.ruby-lang.org/
Changelog
ruby3.0 (3.0.2-7ubuntu2.4) jammy-security; urgency=medium

  * SECURITY UPDATE: ReDoS
    - debian/patches/CVE-2023-28755.patch: adds '+' once or more in specific
      places of the RFC3986 regex in order to avoid the increase in execution
      time for parsing strings to URI objects in lib/uri/rfc3986_parser.rb.
    - debian/patches/CVE-2023-28755-fix-test-uri-empty-host-again.patch:
      fix test uri in lib/net/http/generic_request.rb.
    - CVE-2023-28755
  * SECURITY UPDATE: ReDoS
    - debian/patches/CVE-2023-36617.patch: changes regex behaviour
      in lib/url/rfc2396_parser.rb, lib/uri/rfc3986_parser.rb.
    - CVE-2023-36617

 -- Leonidas Da Silva Barbosa <email address hidden> Fri, 07 Jul 2023 11:37:56 -0300
CVE-2023-28755: A ReDoS issue was discovered in the URI component through 0.12.0 in Ruby through 3.2.1. The URI parser mishandles invalid URLs that have specific cha
CVE-2023-36617: A ReDoS issue was discovered in the URI component before 0.12.2 for Ruby. The URI parser mishandles invalid URLs that have specific characters. There

ruby3.0 (3.0.2-7ubuntu2.3) jammy-security; urgency=medium

  * SECURITY UPDATE: HTTP response splitting
    - debian/patches/CVE-2021-33621*.patch: adds regex to lib/cgi/core.rb and
      lib/cgi/cookie.rb along with tests to check http response headers and
      cookie fields for invalid characters.
    - debian/patches/fix_tzdata-2022.patch: fix for tzdata-2022g tests
      in test/ruby/test_time_tz.rb.
    - CVE-2021-33621

 -- Leonidas Da Silva Barbosa <email address hidden> Wed, 18 Jan 2023 14:28:21 -0300
CVE-2021-33621: The cgi gem before 0.1.0.2, 0.2.x before 0.2.2, and 0.3.x before 0.3.5 for Ruby allows HTTP response splitting. This is relevant to applications that

ruby3.0 (3.0.2-7ubuntu2.1) jammy-security; urgency=medium

  * SECURITY UPDATE: Double free
    - debian/patches/CVE-2022-28738.patch: just free compiled
      pattern if no space is used in regcomp.c, test/ruby/test_regexp.rb.
    - CVE-2022-28738
  * SECURITY UPDATE: Buffer over-read
    - debian/patches/CVE-2022-28739.patch: fix dtoa buffer
      overrun in missing/dtoa.c, test/ruby/test_float.rb.
    - CVE-2022-28739

 -- Leonidas Da Silva Barbosa <email address hidden> Tue, 24 May 2022 16:36:26 -0300
CVE-2022-28738: A double free was found in the Regexp compiler in Ruby 3.x before 3.0.4 and 3.1.x before 3.1.2. If a victim attempts to create a Regexp from untruste
CVE-2022-28739: RESERVED