UbuntuUpdates.org

Package "ruby-nokogiri"

Name: ruby-nokogiri

Description:

HTML, XML, SAX, and Reader parser for Ruby

Latest version: 1.6.7.2-3ubuntu0.1
Release: xenial (16.04)
Level: updates
Repository: universe
Homepage: http://nokogiri.org

Links


Download "ruby-nokogiri"


Other versions of "ruby-nokogiri" in Xenial

Repository Area Version
base universe 1.6.7.2-3build1
security universe 1.6.7.2-3ubuntu0.1

Changelog

Version: 1.6.7.2-3ubuntu0.1 2019-11-05 15:06:59 UTC

  ruby-nokogiri (1.6.7.2-3ubuntu0.1) xenial-security; urgency=medium

  * SECURITY UPDATE: Command injection vulnerability.
    - debian/patches/CVE-2019-5477.patch: prefer File.open to Kernel.open.
    - CVE-2019-5477

 -- Eduardo Barretto <email address hidden> Mon, 04 Nov 2019 11:28:45 -0300

CVE-2019-5477 A command injection vulnerability in Nokogiri v1.10.3 and earlier allows commands to be executed in a subprocess via Ruby's `Kernel.open` method. Pro



About   -   Send Feedback to @ubuntu_updates