Package "ruby3.2"
Name: ruby3.2
Description: Interpreter of object-oriented scripting language Ruby
Latest version: 3.2.3-1ubuntu0.24.04.3
Release: noble (24.04)
Level: security
Repository: main
Homepage: https://www.ruby-lang.org/
Changelog
ruby3.2 (3.2.3-1ubuntu0.24.04.3) noble-security; urgency=medium

  * SECURITY UPDATE: denial of service in REXML
    - debian/patches/CVE-2024-35176_39908_41123.patch: Read quoted
      attributes in chunks
    - debian/patches/CVE-2024-41946.patch: Add support for XML entity
      expansion limitation in SAX and pull parsers
    - debian/patches/CVE-2024-49761.patch: fix a bug that &#0x...; is
      accepted as a character reference
    - CVE-2024-35176
    - CVE-2024-39908
    - CVE-2024-41123
    - CVE-2024-41946
    - CVE-2024-49761

 -- Nishit Majithia <email address hidden>  Fri, 25 Oct 2024 14:06:35 +0530
CVE-2024-35176
REXML is an XML toolkit for Ruby. The REXML gem before 3.2.6 has a denial of service vulnerability when it parses an XML that has many `<`s in an att
CVE-2024-41946
REXML is an XML toolkit for Ruby. The REXML gem 3.3.2 has a DoS vulnerability when it parses an XML that has many entity expansions with SAX2 or pull
CVE-2024-49761
REXML is an XML toolkit for Ruby. The REXML gem before 3.3.9 has a ReDoS vulnerability when it parses an XML that has many digits between &# and x...
CVE-2024-39908
REXML is an XML toolkit for Ruby. The REXML gem before 3.3.1 has some DoS vulnerabilities when it parses an XML that has many specific characters suc
CVE-2024-41123
REXML is an XML toolkit for Ruby. The REXML gem before 3.3.2 has some DoS vulnerabilities when it parses an XML that has many specific characters suc

ruby3.2 (3.2.3-1ubuntu0.24.04.1) noble-security; urgency=medium

  * SECURITY UPDATE: code execution in RDoc
    - debian/patches/CVE-2024-27281-1.patch: filter marshalled objects in
      lib/rdoc/store.rb.
    - debian/patches/CVE-2024-27281-2.patch: fix NoMethodError for
      start_with in lib/rdoc/store.rb.
    - CVE-2024-27281
  * SECURITY UPDATE: heap data extraction via regex
    - debian/patches/CVE-2024-27282.patch: fix Use-After-Free issue for
      Regexp in regexec.c.
    - CVE-2024-27282

 -- Marc Deslauriers <email address hidden>  Fri, 14 Jun 2024 07:50:43 -0400
CVE-2024-27281
An issue was discovered in RDoc 6.3.3 through 6.6.2, as distributed in Ruby 3.x through 3.3.0. When parsing .rdoc_options (used for configuration in
CVE-2024-27282
An issue was discovered in Ruby 3.x through 3.3.0. If attacker-supplied data is provided to the Ruby regex compiler, it is possible to extract arbitr