UbuntuUpdates.org

Package "ruby2.1-tcltk"

This package belongs to a PPA: Brightbox Ruby NG Experimental

Name: ruby2.1-tcltk

Description:

Ruby/Tk for Ruby 2.1

Latest version: 2.1.9-3bbox1~xenial1
Release: xenial (16.04)
Level: base
Repository: main
Head package: ruby2.1

Links


Download "ruby2.1-tcltk"


Other versions of "ruby2.1-tcltk" in Xenial

No other version of this package is available in the Xenial release.

Changelog

Version: 2.1.9-3bbox1~xenial1 2018-04-09 18:08:35 UTC

 ruby2.1 (2.1.9-3bbox1~xenial1) xenial; urgency=medium
 .
   * Backported CVE-2017-17742: HTTP response splitting in
     WEBrick
   * Backported CVE-2018-6914: Unintentional file and directory
     creation with directory traversal in tempfile and tmpdir
   * Backported CVE-2018-8778: Buffer under-read in String#unpack
   * Backported CVE-2018-8779: Unintentional socket creation by poisoned
     NUL byte in UNIXServer and UNIXSocket
   * Backported CVE-2018-8780: Unintentional directory traversal by
     poisoned NUL byte in Dir

Source diff to previous version
CVE-2017-17742 Ruby before 2.2.10, 2.3.x before 2.3.7, 2.4.x before 2.4.4, 2.5.x before 2.5.1, and 2.6.0-preview1 allows an HTTP Response Splitting attack. An attac
CVE-2018-6914 Directory traversal vulnerability in the Dir.mktmpdir method in the tmpdir library in Ruby before 2.2.10, 2.3.x before 2.3.7, 2.4.x before 2.4.4, 2.5
CVE-2018-8778 In Ruby before 2.2.10, 2.3.x before 2.3.7, 2.4.x before 2.4.4, 2.5.x before 2.5.1, and 2.6.0-preview1, an attacker controlling the unpacking format (
CVE-2018-8779 In Ruby before 2.2.10, 2.3.x before 2.3.7, 2.4.x before 2.4.4, 2.5.x before 2.5.1, and 2.6.0-preview1, the UNIXServer.open and UNIXSocket.open method
CVE-2018-8780 In Ruby before 2.2.10, 2.3.x before 2.3.7, 2.4.x before 2.4.4, 2.5.x before 2.5.1, and 2.6.0-preview1, the Dir.open, Dir.new, Dir.entries and Dir.emp

Version: 2.1.9-2bbox1~xenial1 2018-01-15 19:08:02 UTC

 ruby2.1 (2.1.9-2bbox1~xenial1) xenial; urgency=medium
 .
   * Backported fixes for CVE-2017-17405 Net::FTP
   * Backported Unsafe Object Deserialization Vulnerability in RubyGems

Source diff to previous version
CVE-2017-17405 Ruby before 2.4.3 allows Net::FTP command injection. Net::FTP#get, getbinaryfile, gettextfile, put, putbinaryfile, and puttextfile use Kernel#open to

Version: 2.1.9-1bbox2~xenial1 2017-09-20 16:08:45 UTC

 ruby2.1 (2.1.9-1bbox2~xenial1) xenial; urgency=medium
 .
   * Backported fixes for CVE-2017-0898, CVE-2017-10784, CVE-2017-14033, CVE-2017-14064
   * Updated rubygems to 2.4.5.3 to fix CVE-2017-0902, CVE-2017-0899,
     CVE-2017-0900 and CVE-2017-0901

Source diff to previous version

Version: 2.1.9-1bbox1~xenial1 2016-06-27 06:55:55 UTC

 ruby2.1 (2.1.9-1bbox1~xenial1) xenial; urgency=medium
 .
   * New upstream release




About   -   Send Feedback to @ubuntu_updates