UbuntuUpdates.org

Package "ruby3.3"

Name: ruby3.3

Description:

Interpreter of object-oriented scripting language Ruby

Latest version: 3.3.8-2ubuntu3.1
Release: resolute (26.04)
Level: updates
Repository: main
Homepage: https://www.ruby-lang.org/

Links


Download "ruby3.3"


Other versions of "ruby3.3" in Resolute

Repository Area Version
base main 3.3.8-2ubuntu3
security main 3.3.8-2ubuntu3.1

Packages in group

Deleted packages are displayed in grey.


Changelog

Version: 3.3.8-2ubuntu3.1 2026-07-06 12:07:28 UTC

  ruby3.3 (3.3.8-2ubuntu3.1) resolute-security; urgency=medium

  * SECURITY UPDATE: STARTTLS stripping via pre-injected tagged response
    - debian/patches/CVE-2026-42246.patch: add handled flag in starttls(),
      guard_against_tagged_response_skipping_handler! in send_command, and
      rescue InvalidResponseError to detect and reject pre-injected OK
      responses before TLS negotiation begins (net-imap 0.4.19).
    - CVE-2026-42246
  * SECURITY UPDATE: SCRAM iteration-count denial of service
    - debian/patches/CVE-2026-42256.patch: add max_iterations parameter
      (default 2**24) to ScramAuthenticator; raise Error in
      recv_server_first_message when server-supplied iteration count exceeds
      the maximum, preventing unbounded PBKDF2 computation (net-imap 0.4.19).
    - CVE-2026-42256
  * SECURITY UPDATE: CRLF injection via RawData and setquota command
    - debian/patches/CVE-2026-42257.patch: add CRLF/NUL validation in
      RawData#validate; rewrite setquota to use typed array encoding
      instead of raw string concatenation (net-imap 0.4.19).
    - CVE-2026-42257
  * debian/patches/skip-test_crypt-s390x.patch: skip TestString#test_crypt
    and TestString2#test_crypt on s390x where DES crypt produces different
    results due to glibc differences.

 -- Leonidas Da Silva Barbosa <email address hidden> Wed, 24 Jun 2026 18:17:31 -0300

CVE-2026-42246 Net::IMAP implements Internet Message Access Protocol (IMAP) client functionality in Ruby. Prior to versions 0.3.10, 0.4.24, 0.5.14, and 0.6.4, a man
CVE-2026-42256 Net::IMAP implements Internet Message Access Protocol (IMAP) client functionality in Ruby. From versions 0.4.0 to before 0.4.24, 0.5.0 to before 0.5.
CVE-2026-42257 Net::IMAP implements Internet Message Access Protocol (IMAP) client functionality in Ruby. Prior to versions 0.4.24, 0.5.14, and 0.6.4, several Net::



About   -   Send Feedback to @ubuntu_updates