UbuntuUpdates.org

Package "ruby3.1-doc"

Name: ruby3.1-doc

Description:

Documentation for Ruby 3.1

Latest version: 3.1.2-6ubuntu0.23.04.2
Release: lunar (23.04)
Level: updates
Repository: main
Head package: ruby3.1
Homepage: https://www.ruby-lang.org/


Other versions of "ruby3.1-doc" in Lunar

Repository Area Version
base main 3.1.2-6
security main 3.1.2-6ubuntu0.23.04.2

Changelog

Version: 3.1.2-6ubuntu0.23.04.2 2023-07-12 18:07:08 UTC

  ruby3.1 (3.1.2-6ubuntu0.23.04.2) lunar-security; urgency=medium

  * SECURITY UPDATE: ReDoS
    - debian/patches/CVE-2023-36617.patch: changes regex behaviour
      in lib/url/rfc2396_parser.rb, lib/uri/rfc3986_parser.rb.
    - CVE-2023-36617

 -- Leonidas Da Silva Barbosa <email address hidden> Tue, 04 Jul 2023 11:43:58 -0300

CVE-2023-36617 A ReDoS issue was discovered in the URI component before 0.12.2 for Ruby. The URI parser mishandles invalid URLs that have specific characters. There

Version: 3.1.2-6ubuntu0.23.04.1 2023-06-21 13:07:00 UTC

  ruby3.1 (3.1.2-6ubuntu0.23.04.1) lunar-security; urgency=medium

  * SECURITY UPDATE: ReDoS
    - debian/patches/CVE-2023-28755.patch: URI.parse should set empty
      string in host instead of nil in lib/uri/rfc3986_parser.rb, raise
      ArgumentError with empty host url again in
      lib/net/http/generic_request.rb.
    - debian/patches/fix-uri-tests.patch: Added assert_linear_performance
      for URI tests
    - CVE-2023-28755
  * SECURITY UPDATE: ReDoS
    - debian/patches/CVE-2023-28756.patch: fix quadratic backtracking on
      invalid time and make RFC2822 regexp linear in lib/time.rb.
    - CVE-2023-28756
  * debian/patches/fix-wss-tests.patch: Fix uninitialized constant URI::WSS
  * debian/patches/fix-fiber-tests.patch: Fix actual hostname resolution
  * debian/patches/fix-generic-tests.patch: Raise ArgumentError with empty
    host url again

 -- Nishit Majithia <email address hidden> Fri, 16 Jun 2023 09:50:29 +0530

CVE-2023-28755 A ReDoS issue was discovered in the URI component through 0.12.0 in Ruby through 3.2.1. The URI parser mishandles invalid URLs that have specific cha
CVE-2023-28756 A ReDoS issue was discovered in the Time component through 0.2.1 in Ruby through 3.2.1. The Time parser mishandles invalid URLs that have specific ch


