Bug fixes in "ruby2.7"
Origin | Bug number | Title | Date fixed |
---|---|---|---|
CVE | CVE-2024-41123 | REXML is an XML toolkit for Ruby. The REXML gem before 3.3.2 has some DoS vulnerabilities when it parses an XML that has many specific characters suc | 2024-11-21 |
CVE | CVE-2024-39908 | REXML is an XML toolkit for Ruby. The REXML gem before 3.3.1 has some DoS vulnerabilities when it parses an XML that has many specific characters suc | 2024-11-21 |
CVE | CVE-2024-49761 | REXML is an XML toolkit for Ruby. The REXML gem before 3.3.9 has a ReDoS vulnerability when it parses an XML that has many digits between &# and x... | 2024-11-21 |
CVE | CVE-2024-41946 | REXML is an XML toolkit for Ruby. The REXML gem 3.3.2 has a DoS vulnerability when it parses an XML that has many entity expansions with SAX2 or pull | 2024-11-21 |
CVE | CVE-2024-35176 | REXML is an XML toolkit for Ruby. The REXML gem before 3.2.6 has a denial of service vulnerability when it parses an XML that has many `<`s in an att | 2024-11-21 |
CVE | CVE-2024-27280 | A buffer-overread issue was discovered in StringIO 3.0.1, as distributed in Ruby 3.0.x through 3.0.6 and 3.1.x through 3.1.4. The ungetbyte and unget | 2024-06-26 |
CVE | CVE-2024-27282 | An issue was discovered in Ruby 3.x through 3.3.0. If attacker-supplied data is provided to the Ruby regex compiler, it is possible to extract arbitr | 2024-06-17 |
CVE | CVE-2024-27281 | An issue was discovered in RDoc 6.3.3 through 6.6.2, as distributed in Ruby 3.x through 3.3.0. When parsing .rdoc_options (used for configuration in | 2024-06-17 |
CVE | CVE-2023-36617 | A ReDoS issue was discovered in the URI component before 0.12.2 for Ruby. The URI parser mishandles invalid URLs that have specific characters. There | 2023-07-12 |
Launchpad | 2018215 | ruby2.7: backport upstream fix to \ | 2023-05-25 |
Launchpad | 2018215 | ruby2.7: backport upstream fix to \ | 2023-05-18 |