UbuntuUpdates.org

Package "ruby2.6"

This package belongs to a PPA: Brightbox Ruby NG Experimental

Name: ruby2.6

Description:

Interpreter of object-oriented scripting language Ruby
Latest version: 2.6.10-1bbox1~bionic1
Release: bionic (18.04)
Level: base
Repository: main

Links

All versions of this package
Bug fixes

Repository home page

Download "ruby2.6"

32-bit deb package
64-bit deb package
APT INSTALL

Other versions of "ruby2.6" in Bionic

No other version of this package is available in the Bionic release.

Packages in group

Deleted packages are displayed in grey.


Changelog

Version: 2.6.10-1bbox1~bionic1 2022-04-20 17:08:09 UTC

 ruby2.6 (2.6.10-1bbox1~bionic1) bionic; urgency=medium
 .
   * New upstream release 2.6.10
   * Fixes CVE-2020-25613, CVE-2021-28965, CVE-2021-31810, CVE-2021-32066,
     CVE-2021-31799, CVE-2021-41817, CVE-2021-41819, CVE-2022-28739

Source diff to previous version
CVE-2020-25613 An issue was discovered in Ruby through 2.5.8, 2.6.x through 2.6.6, and 2.7.x through 2.7.1. WEBrick, a simple HTTP server bundled with Ruby, had not
CVE-2021-28965 The REXML gem before 3.2.5 in Ruby before 2.6.7, 2.7.x before 2.7.3, and 3.x before 3.0.1 does not properly address XML round-trip issues. An incorre
CVE-2021-31810 An issue was discovered in Ruby through 2.6.7, 2.7.x through 2.7.3, and 3.x through 3.0.1. A malicious FTP server can use the PASV response to trick
CVE-2021-32066 A StartTLS stripping vulnerability in Net::IMAP
CVE-2021-31799 A command injection vulnerability in RDoc
CVE-2021-41817 RESERVED
CVE-2021-41819 RESERVED
CVE-2022-28739 RESERVED

Version: 2.6.6-1bbox1~bionic1 2020-06-11 12:08:15 UTC

 ruby2.6 (2.6.6-1bbox1~bionic1) bionic; urgency=medium
 .
   * New upstream release 2.6.6
   * Fixes CVE-2020-10663, CVE-2020-10933

Source diff to previous version
CVE-2020-10663 The JSON gem through 2.2.0 for Ruby, as used in Ruby 2.4 through 2.4.9, 2.5 through 2.5.7, and 2.6 through 2.6.5, has an Unsafe Object Creation Vulne
CVE-2020-10933 An issue was discovered in Ruby 2.5.x through 2.5.7, 2.6.x through 2.6.5, and 2.7.0. If a victim calls BasicSocket#read_nonblock(requested_size, buff

Version: 2.6.5-1bbox1~bionic1 2019-10-03 18:08:37 UTC

 ruby2.6 (2.6.5-1bbox1~bionic1) bionic; urgency=medium
 .
   * New upstream release 2.6.5
   * Fixes CVE-2019-16255, CVE-2019-16254, CVE-2019-15845, CVE-2019-16201,
     CVE-2012-6708, CVE-2015-9251

Source diff to previous version
CVE-2019-16255 RESERVED
CVE-2019-16254 RESERVED
CVE-2019-15845 RESERVED
CVE-2019-16201 RESERVED
CVE-2012-6708 jQuery before 1.9.0 is vulnerable to Cross-site Scripting (XSS) attacks. The jQuery(strInput) function does not differentiate selectors from HTML in
CVE-2015-9251 jQuery before 3.0.0 is vulnerable to Cross-site Scripting (XSS) attacks when a cross-domain Ajax request is performed without the dataType option, ca

Version: 2.6.2-1bbox1~bionic1 2019-03-15 14:08:33 UTC

 ruby2.6 (2.6.2-1bbox1~bionic1) bionic; urgency=medium
 .
   * New upstream release 2.6.2
   * Fixes CVE-2019-8320 through 8325 with Rubygems update.

Source diff to previous version
CVE-2019-8320 RESERVED

Version: 2.6.1-1bbox11~bionic1 2019-02-18 00:08:03 UTC

 ruby2.6 (2.6.1-1bbox11~bionic1) bionic; urgency=medium
 .
   * New upstream release, 2.6.1



About   -   Send Feedback to @ubuntu_updates