UbuntuUpdates.org

Package "ruby2.3"

Name: ruby2.3

Description:

Interpreter of object-oriented scripting language Ruby

Latest version: 2.3.1-2~ubuntu16.04.16
Release: xenial (16.04)
Level: security
Repository: main
Homepage: http://www.ruby-lang.org/

Links


Download "ruby2.3"


Other versions of "ruby2.3" in Xenial

Repository Area Version
base universe 2.3.0-5ubuntu1
base main 2.3.0-5ubuntu1
security universe 2.3.1-2~ubuntu16.04.16
updates main 2.3.1-2~ubuntu16.04.16
updates universe 2.3.1-2~ubuntu16.04.16
PPA: Brightbox Ruby NG Experimental 2.3.8-4bbox1~xenial1

Packages in group

Deleted packages are displayed in grey.


Changelog

Version: 2.3.1-2~ubuntu16.04.16 2021-04-20 19:07:15 UTC

  ruby2.3 (2.3.1-2~ubuntu16.04.16) xenial-security; urgency=medium

  * SECURITY UPDATE: XML round-trip vulnerability in REXML
    - debian/patches/CVE-2021-28965.patch: update to REXML 3.1.7.4.
    - CVE-2021-28965

 -- Marc Deslauriers <email address hidden> Thu, 15 Apr 2021 10:39:41 -0400

Source diff to previous version

Version: 2.3.1-2~ubuntu16.04.15 2021-03-18 18:07:05 UTC

  ruby2.3 (2.3.1-2~ubuntu16.04.15) xenial-security; urgency=medium

  * SECURITY UPDATE: Unsafe Object Creation Vulnerability in JSON gem
    - debian/patches/CVE-2020-10663.patch: set json->create_additions to 0
      in ext/json/parser/parser.c, ext/json/parser/parser.rl.
    - CVE-2020-10663
  * SECURITY UPDATE: HTTP Request Smuggling attack in WEBrick
    - debian/patches/CVE-2020-25613.patch: make it more strict to interpret
      some headers in lib/webrick/httprequest.rb.
    - CVE-2020-25613

 -- Marc Deslauriers <email address hidden> Tue, 16 Mar 2021 11:03:56 -0400

Source diff to previous version
CVE-2020-10663 The JSON gem through 2.2.0 for Ruby, as used in Ruby 2.4 through 2.4.9, 2.5 through 2.5.7, and 2.6 through 2.6.5, has an Unsafe Object Creation Vulne
CVE-2020-25613 An issue was discovered in Ruby through 2.5.8, 2.6.x through 2.6.6, and 2.7.x through 2.7.1. WEBrick, a simple HTTP server bundled with Ruby, had not

Version: 2.3.1-2~ubuntu16.04.14 2019-11-26 17:06:34 UTC

  ruby2.3 (2.3.1-2~ubuntu16.04.14) xenial-security; urgency=medium

  * SECURITY UPDATE: NULL injection vulnerability
    - debian/patches/CVE-2019-15845.patch: ensure that
      pattern does not contain a NULL character in dir.c,
      test/ruby/test_fnmatch.rb.
    - CVE-2019-15845
  * SECURITY UPDATE: Denial of service vulnerability
    - debian/patches/CVE-2019-16201.patch: fix in
      lib/webrick/httpauth/digestauth.rb,
      test/webrick/test_httpauth.rb.
    - CVE-2019-16201.patch
  * SECURITY UPDATE: HTTP response splitting in WEBrick
    - debian/patches/CVE-2019-16254.patch: prevent response
      splitting and header injection in lib/webrick/httpresponse.rb,
      test/webrick/test_httpresponse.rb.
    - CVE-2019-16254
  * SECURITY UPDATE: Code injection
    - debian/patches/CVE-2019-16255.patch: prevent unknown command
      in lib/shell/command-processor.rb, test/shell/test_command_processor.rb.
    - CVE-2019-16255

 -- <email address hidden> (Leonidas S. Barbosa) Mon, 25 Nov 2019 12:24:34 -0300

Source diff to previous version
CVE-2019-15845 RESERVED
CVE-2019-16201 RESERVED
CVE-2019-16254 RESERVED
CVE-2019-16255 RESERVED

Version: 2.3.1-2~16.04.12 2019-04-11 15:07:23 UTC

  ruby2.3 (2.3.1-2~16.04.12) xenial-security; urgency=medium

  * SECURITY UPDATE: Delete directory using symlink when decompressing tar,
    Escape sequence injection vulnerability in gem owner, Escape sequence
    injection vulnerability in API response handling, Arbitrary code exec,
    Escape sequence injection vulnerability in errors
    - debian/patches/CVE-2019-8320-25.patch: fix in
      lib/rubygems/command_manager.rb,
      lib/rubygems/commands/owner_command.rb,
      lib/rubygems/gemcutter_utilities.rb,
      lib/rubygems/installer.rb,
      lib/rubygems/package.rb,
      test/rubygems/test_gem_package.rb,
      test/rubygems/test_gem_installer.rb,
      test/rubygems/test_gem_text.rb.
    - CVE-2019-8320
    - CVE-2019-8321
    - CVE-2019-8322
    - CVE-2019-8323
    - CVE-2019-8324
    - CVE-2019-8325
  * Fixing expired certification that causes tests to fail
    - debian/patches/fixing_expired_SSL_certificates.patch: fix in
      test/net/imap/cacert.pen, test/net/imap/server.crt,
      test/net/imap/server.key.
  * Added lisbon_tz test to excluded tests
    - debian/patches/0001-excluding_lisbon_tz_test.patch:
      test/excludes/TestTimeTZ.rb.
  * Fixing symlink expanding issue that makes some tests and gems fails
    - debian/patches/fixing_symlink_expanding_issue.patch: fix in
      lib/rubygems/package.rb, test/rubygems/test_gem_package.rb.

 -- <email address hidden> (Leonidas S. Barbosa) Wed, 03 Apr 2019 12:30:36 -0300

Source diff to previous version
CVE-2019-8320 RESERVED
CVE-2019-8321 Escape sequence injection vulnerability in verbose
CVE-2019-8322 Escape sequence injection vulnerability in gem owner
CVE-2019-8323 Escape sequence injection vulnerability in API response handling
CVE-2019-8324 Installing a malicious gem may lead to arbitrary code execution
CVE-2019-8325 Escape sequence injection vulnerability in errors

Version: 2.3.1-2~16.04.11 2018-11-05 20:06:58 UTC

  ruby2.3 (2.3.1-2~16.04.11) xenial-security; urgency=medium

  * SECURITY UPDATE: Name equality check
    - debian/patches/CVE-2018-16395.patch: fix in
      ext/openssl/ossl_x509name.c.
    - CVE-2018-16395
  * SECURITY UPDATE: Tainted flags not propagted
    - debian/patches/CVE-2018-16396.patch: fix in
      pack.c, test/ruby/test_pack.rb.
    - CVE-2018-16396
  * fixing tz test issue
    - debian/patches/fixing_tz_tests.patch

 -- <email address hidden> (Leonidas S. Barbosa) Tue, 30 Oct 2018 10:59:03 -0300

CVE-2018-16395 RESERVED
CVE-2018-16396 RESERVED



About   -   Send Feedback to @ubuntu_updates