Package ruby: Changelog

March 30, 2018 Andrey Cherepanov 2.5.1-alt1
- New version.
- Fixes:
  + CVE-2017-17742: HTTP response splitting in WEBrick
  + CVE-2018-6914: Unintentional file and directory creation with directory traversal in tempfile and tmpdir
  + CVE-2018-8777: DoS by large request in WEBrick
  + CVE-2018-8778: Buffer under-read in String#unpack
  + CVE-2018-8779: Unintentional socket creation by poisoned NUL byte in UNIXServer and UNIXSocket
  + CVE-2018-8780: Unintentional directory traversal by poisoned NUL byte in Dir
2.5.1-alt0.M80P.1 built May 11, 2018 Andrey Cherepanov in task #203032
March 30, 2018 Andrey Cherepanov
- Backport new version with security fix to p8 branch
March 27, 2018 Andrey Cherepanov 2.5.0-alt0.M80P.1
- Backport new version with security fix to p8 branch
March 5, 2018 Andrey Cherepanov 2.5.0-alt1
- New version.
- Fixes:
  + CVE-2017-17405 Command injection vulnerability in Net::FTP
- Update Rubygems to 2.7.6 with security fixes (see https://blog.rubygems.org/2018/02/15/2.7.6-released.html)
Dec. 21, 2017 Andrew Savchenko 2.4.2-alt4
- Properly check for __uint128_t.
Dec. 18, 2017 Andrew Savchenko 2.4.2-alt3
- Add miniruby-src subpackage.
- Bootstrap miniruby without ruby using miniruby-src.
Oct. 12, 2017 Andrey Cherepanov 2.4.2-alt2
- Merge rubygems-2.6.14 changes
- Fixes:
  + CVE-2017-0903 Unsafe Object Deserialization Vulnerability in RubyGems
2.4.2-alt1.M80P.1 built Oct. 12, 2017 Andrey Cherepanov in task #190716
Oct. 12, 2017 Andrey Cherepanov
- Backport new version with security fix to p8 branch
Sept. 16, 2017 Andrey Cherepanov 2.4.2-alt1
- New version 2.4.2
- Security fixes:
  + CVE-2017-0898: Buffer underrun vulnerability in Kernel.sprintf
  + CVE-2017-10784: Escape sequence injection vulnerability in the Basic authentication of WEBrick
  + CVE-2017-14033: Buffer underrun vulnerability in OpenSSL ASN1 decode
  + CVE-2017-14064: Heap exposure in generating JSON
2.4.2-alt0.M80P.1 built Sept. 21, 2017 Andrey Cherepanov in task #188260
Sept. 16, 2017 Andrey Cherepanov
- Backport new version with security fixes to p8 branch
Sept. 5, 2017 Andrey Cherepanov 2.4.1-alt1
- New version 2.4.1 with gems 2.6.13
- Security fixes:
  + CVE-2017-0902 a DNS request hijacking vulnerability
  + CVE-2017-0899 an ANSI escape sequence vulnerability
  + CVE-2017-0900 a DoS vulnerability in the query command
  + CVE-2017-0901 a vulnerability in the gem installer that allowed a malicious gem to overwrite arbitrary files
- ext/tk: Tk is removed from stdlib. [Feature #8539]
2.3.1-alt1.M80P.1 built Aug. 23, 2017 Andrey Cherepanov in task #187296
Aug. 11, 2017 Denis Medvedev
- rebuilt for p8
March 24, 2017 Vladimir D. Seleznev 2.3.1-alt2.qa1
- Rebuilt against Tcl/Tk 8.6
March 7, 2017 Denis Medvedev 2.3.1-alt2
- Fix ruby library path
Sept. 8, 2016 Denis Medvedev 2.3.1-alt1
- new version
July 1, 2014 Led 2.0.0-alt10
- p510 upstream patchlevel
June 27, 2014 Led 2.0.0-alt9
- p499 upstream patchlevel
May 31, 2014 Led 2.0.0-alt8
- p490 upstream patchlevel
May 9, 2014 Led 2.0.0-alt7
- p481 upstream patchlevel
May 7, 2014 Led 2.0.0-alt6
- p480 upstream patchlevel
May 1, 2014 Led 2.0.0-alt5
- p477 upstream patchlevel
March 31, 2014 Led 2.0.0-alt4
- p466 upstream patchlevel
March 22, 2014 Led 2.0.0-alt3
- p462 upstream patchlevel
- excluded filetrigger for site ri cache update
March 20, 2014 Led 2.0.0-alt2
- p461 upstream patchlevel
March 19, 2014 Led 2.0.0-alt1
- 2.0.0 p458 upstream patchlevel
Feb. 24, 2014 Led 1.9.3-alt47
- p545 upstream patchlevel
Feb. 22, 2014 Led 1.9.3-alt46
- p541 upstream patchlevel
Feb. 18, 2014 Led 1.9.3-alt45
- p537 upstream patchlevel
Feb. 18, 2014 Led 1.9.3-alt44
- p535 upstream patchlevel
Feb. 14, 2014 Led 1.9.3-alt43
- p534 upstream patchlevel
Back to Top