Package ruby: Information

    Source package: ruby
    Version: 2.4.4-alt0.M70C.1
    Build time:  May 24, 2018, 01:18 PM in the task #206388
    Copied in the task: #206923
    Category: Development/Ruby
    Report package bug
    License: BSD (revised) or Ruby
    Summary: An Interpreted Object-Oriented Scripting Language
    Description: 
    Ruby is an interpreted scripting language for quick and easy object-oriented
    programming. It has many features for processing text files and performing system
    management tasks (as in Perl). It is simple, straight-forward, and extensible.
    
    This package contains interpreter of object-oriented scripting language Ruby.

    List of rpms provided by this srpm:
    irb (noarch)
    libruby (x86_64, i586)
    libruby-debuginfo (x86_64, i586)
    libruby-devel (x86_64, i586)
    libruby-devel-static (x86_64, i586)
    ri (noarch)
    ruby (x86_64, i586)
    ruby-debuginfo (x86_64, i586)
    ruby-doc-ri (noarch)
    ruby-stdlibs (x86_64, i586)
    ruby-stdlibs-debuginfo (x86_64, i586)
    ruby-tools (noarch)

    Maintainer: Andrey Cherepanov


      1. libssl-devel
      2. libyaml-devel
      3. groff-base
      4. libgdbm-devel
      5. doxygen
      6. ruby
      7. libncursesw-devel
      8. ruby-stdlibs
      9. gcc-c++
      10. rpm-build-ruby >= 1:0.1.3
      11. libdb4-devel
      12. libreadline-devel
      13. libffi-devel
      14. zlib-devel

    Last changed


    May 15, 2018 Andrey Cherepanov 2.4.4-alt0.M70C.1
    - New version.
    - Fixes:
      + CVE-2017-17742: HTTP response splitting in WEBrick
      + CVE-2018-6914: Unintentional file and directory creation with directory traversal in tempfile and tmpdir
      + CVE-2018-8777: DoS by large request in WEBrick
      + CVE-2018-8778: Buffer under-read in String#unpack
      + CVE-2018-8779: Unintentional socket creation by poisoned NUL byte in UNIXServer and UNIXSocket
      + CVE-2018-8780: Unintentional directory traversal by poisoned NUL byte in Dir
    Feb. 1, 2018 Andrey Cherepanov 2.4.3-alt0.M70C.1
    - New version
    - Fixes:
      + CVE-2017-17405: Command injection vulnerability in Net::FTP
    Oct. 12, 2017 Andrey Cherepanov 2.4.2-alt1.M70C.1
    - New version in c7 branch with security fixes
    - Merge rubygems-2.6.14 changes
    - Fixes:
      + CVE-2017-0898 Buffer underrun vulnerability in Kernel.sprintf
      + CVE-2017-10784 Escape sequence injection vulnerability in the Basic authentication of WEBrick
      + CVE-2017-14033 Buffer underrun vulnerability in OpenSSL ASN1 decode
      + CVE-2017-14064 Heap exposure in generating JSON
      + CVE-2017-0902 A DNS request hijacking vulnerability
      + CVE-2017-0899 An ANSI escape sequence vulnerability
      + CVE-2017-0900 A DoS vulnerability in the query command
      + CVE-2017-0901 A vulnerability in the gem installer that allowed a malicious gem to overwrite arbitrary files
      + CVE-2017-0903 Unsafe Object Deserialization Vulnerability in RubyGems
      + CVE-2017-0898 Buffer underrun vulnerability in Kernel.sprintf
      + CVE-2017-10784 Escape sequence injection vulnerability in the Basic authentication of WEBrick
      + CVE-2017-14033 Buffer underrun vulnerability in OpenSSL ASN1 decode
      + CVE-2017-14064 Heap exposure in generating JSON
      + CVE-2017-0902 A DNS request hijacking vulnerability
      + CVE-2017-0899 An ANSI escape sequence vulnerability
      + CVE-2017-0900 A DoS vulnerability in the query command
      + CVE-2017-0901 A vulnerability in the gem installer that allowed a malicious gem to overwrite arbitrary files