Change log for ruby2.3 package in Ubuntu
ruby2.3 (2.3.1-2~ubuntu16.04.16) xenial-security; urgency=medium * SECURITY UPDATE: XML round-trip vulnerability in REXML - debian/patches/CVE-2021-28965.patch: update to REXML 3.1.7.4. - CVE-2021-28965 -- Marc Deslauriers <email address hidden> Thu, 15 Apr 2021 10:39:41 -0400
ruby2.3 (2.3.1-2~ubuntu16.04.15) xenial-security; urgency=medium * SECURITY UPDATE: Unsafe Object Creation Vulnerability in JSON gem - debian/patches/CVE-2020-10663.patch: set json->create_additions to 0 in ext/json/parser/parser.c, ext/json/parser/parser.rl. - CVE-2020-10663 * SECURITY UPDATE: HTTP Request Smuggling attack in WEBrick - debian/patches/CVE-2020-25613.patch: make it more strict to interpret some headers in lib/webrick/httprequest.rb. - CVE-2020-25613 -- Marc Deslauriers <email address hidden> Tue, 16 Mar 2021 11:03:56 -0400
ruby2.3 (2.3.1-2~ubuntu16.04.14) xenial-security; urgency=medium * SECURITY UPDATE: NULL injection vulnerability - debian/patches/CVE-2019-15845.patch: ensure that pattern does not contain a NULL character in dir.c, test/ruby/test_fnmatch.rb. - CVE-2019-15845 * SECURITY UPDATE: Denial of service vulnerability - debian/patches/CVE-2019-16201.patch: fix in lib/webrick/httpauth/digestauth.rb, test/webrick/test_httpauth.rb. - CVE-2019-16201 * SECURITY UPDATE: HTTP response splitting in WEBrick - debian/patches/CVE-2019-16254.patch: prevent response splitting and header injection in lib/webrick/httpresponse.rb, test/webrick/test_httpresponse.rb. - CVE-2019-16254 * SECURITY UPDATE: Code injection - debian/patches/CVE-2019-16255.patch: prevent unknown command in lib/shell/command-processor.rb, test/shell/test_command_processor.rb. - CVE-2019-16255 -- <email address hidden> (Leonidas S. Barbosa) Mon, 25 Nov 2019 12:24:34 -0300
ruby2.3 (2.3.1-2~ubuntu16.04.13) xenial; urgency=medium * d/p/do-not-wakeup-inside-child-processes.patch: avoid child ruby processes being stuck in a busy loop (LP: #1834072) -- Andreas Hasenack <email address hidden> Tue, 25 Jun 2019 11:52:54 -0300
ruby2.3 (2.3.1-2~16.04.12) xenial-security; urgency=medium * SECURITY UPDATE: Delete directory using symlink when decompressing tar, Escape sequence injection vulnerability in gem owner, Escape sequence injection vulnerability in API response handling, Arbitrary code exec, Escape sequence injection vulnerability in errors - debian/patches/CVE-2019-8320-25.patch: fix in lib/rubygems/command_manager.rb, lib/rubygems/commands/owner_command.rb, lib/rubygems/gemcutter_utilities.rb, lib/rubygems/installer.rb, lib/rubygems/package.rb, test/rubygems/test_gem_package.rb, test/rubygems/test_gem_installer.rb, test/rubygems/test_gem_text.rb. - CVE-2019-8320 - CVE-2019-8321 - CVE-2019-8322 - CVE-2019-8323 - CVE-2019-8324 - CVE-2019-8325 * Fixing expired certification that causes tests to fail - debian/patches/fixing_expired_SSL_certificates.patch: fix in test/net/imap/cacert.pem, test/net/imap/server.crt, test/net/imap/server.key. * Added lisbon_tz test to excluded tests - debian/patches/0001-excluding_lisbon_tz_test.patch: test/excludes/TestTimeTZ.rb. * Fixing symlink expanding issue that makes some tests and gems fail - debian/patches/fixing_symlink_expanding_issue.patch: fix in lib/rubygems/package.rb, test/rubygems/test_gem_package.rb. -- <email address hidden> (Leonidas S. Barbosa) Wed, 03 Apr 2019 12:30:36 -0300
ruby2.3 (2.3.1-2~16.04.11) xenial-security; urgency=medium * SECURITY UPDATE: Name equality check - debian/patches/CVE-2018-16395.patch: fix in ext/openssl/ossl_x509name.c. - CVE-2018-16395 * SECURITY UPDATE: Tainted flags not propagated - debian/patches/CVE-2018-16396.patch: fix in pack.c, test/ruby/test_pack.rb. - CVE-2018-16396 * fixing tz test issue - debian/patches/fixing_tz_tests.patch -- <email address hidden> (Leonidas S. Barbosa) Tue, 30 Oct 2018 10:59:03 -0300
ruby2.3 (2.3.3-1ubuntu1.6) artful-security; urgency=medium * SECURITY UPDATE: Malicious format string - buffer overrun - debian/patches/CVE-2017-0898.patch: fix in sprintf.c, test/ruby/test_sprintf.rb. - CVE-2017-0898 * SECURITY UPDATE: Response splitting attack - debian/patches/CVE-2017-17742.patch: fix in webrick/httpresponse.rb, test/webrick/test_httpresponse.rb. - CVE-2017-17742 * SECURITY UPDATE: Denial of service - debian/patches/CVE-2018-8777*.patch: fix in lib/webrick/httpresponse.rb, lib/webrick/httpservlet/filehandler.rb, test/webrick/test_filehandler.rb, test/webrick/test_httpresponse.rb. - CVE-2018-8777 -- <email address hidden> (Leonidas S. Barbosa) Mon, 11 Jun 2018 10:06:34 -0300
ruby2.3 (2.3.1-2~16.04.10) xenial-security; urgency=medium * SECURITY UPDATE: Malicious format string - buffer overrun - debian/patches/CVE-2017-0898.patch: fix in sprintf.c, test/ruby/test_sprintf.rb. - CVE-2017-0898 * SECURITY UPDATE: Response splitting attack - debian/patches/CVE-2017-17742.patch: fix in webrick/httpresponse.rb, test/webrick/test_httpresponse.rb. - CVE-2017-17742 * SECURITY UPDATE: Denial of service - debian/patches/CVE-2018-8777*.patch: fix in lib/webrick/httpresponse.rb, lib/webrick/httpservlet/filehandler.rb, test/webrick/test_filehandler.rb, test/webrick/test_httpresponse.rb. - CVE-2018-8777 -- <email address hidden> (Leonidas S. Barbosa) Fri, 08 Jun 2018 11:24:57 -0300
ruby2.3 (2.3.3-1ubuntu1.5) artful-security; urgency=medium * SECURITY UPDATE: Directory traversal vulnerability - debian/patches/CVE-2018-6914.patch: fix in lib/tmpdir.rb, test/test_tempfile.rb. - CVE-2018-6914 * SECURITY UPDATE: Buffer under-read - debian/patches/CVE-2018-8778.patch: fix in pack.c, test/ruby/test_pack.rb. - CVE-2018-8778 * SECURITY UPDATE: Unintended socket - debian/patches/CVE-2018-8779.patch: fix in ext/socket/unixsocket.c, test/socket/test_unix.rb. - CVE-2018-8779 * SECURITY UPDATE: Directory traversal - debian/patches/CVE-2018-8780.patch: fix in dir.c, test/ruby/test_dir.rb. - CVE-2018-8780 -- <email address hidden> (Leonidas S. Barbosa) Fri, 13 Apr 2018 13:21:34 -0300
ruby2.3 (2.3.1-2~16.04.9) xenial-security; urgency=medium * SECURITY UPDATE: Directory traversal vulnerability - debian/patches/CVE-2018-6914.patch: fix in lib/tmpdir.rb, test/test_tempfile.rb. - CVE-2018-6914 * SECURITY UPDATE: Buffer under-read - debian/patches/CVE-2018-8778.patch: fix in pack.c, test/ruby/test_pack.rb. - CVE-2018-8778 * SECURITY UPDATE: Unintended socket - debian/patches/CVE-2018-8779.patch: fix in ext/socket/unixsocket.c, test/socket/test_unix.rb. - CVE-2018-8779 * SECURITY UPDATE: Directory traversal - debian/patches/CVE-2018-8780.patch: fix in dir.c, test/ruby/test_dir.rb. - CVE-2018-8780 -- <email address hidden> (Leonidas S. Barbosa) Fri, 13 Apr 2018 11:38:20 -0300
ruby2.3 (2.3.3-1ubuntu1.4) artful-security; urgency=medium * SECURITY UPDATE: Directory traversal - debian/patches/CVE-2018-1000073.patch: fix in lib/rubygems/package.rb. - CVE-2018-1000073 * SECURITY UPDATE: Deserialization untrusted data - debian/patches/CVE-2018-1000074.patch: fix in lib/rubygems/commands/owner_command.rb, test/rubygems/test_gem_commands_owner_command.rb. - CVE-2018-1000074 * SECURITY UPDATE: Infinite loop - debian/patches/CVE-2018-1000075.patch: fix in lib/rubygems/package/tar_header.rb, test/rubygems/test_gem_package_tar_header.rb. - CVE-2018-1000075 * SECURITY UPDATE: Improper verification of crypto signature - debian/patches/CVE-2018-1000076.patch: fix in lib/rubygems/package.rb, lib/rubygems/package/tar_writer.rb, test/rubygems/test_gem_package.rb. - CVE-2018-1000076 * SECURITY UPDATE: Validation vulnerability - debian/patches/CVE-2018-1000077.patch: fix in lib/rubygems/specification.rb, test/rubygems/test_gem_specification.rb. - CVE-2018-1000077 * SECURITY UPDATE: Cross site scripting - debian/patches/CVE-2018-1000078.patch: fix in lib/rubygems/server.rb. - CVE-2018-1000078 * SECURITY UPDATE: Directory traversal - debian/patches/CVE-2018-1000079.patch: fix in lib/rubygems/package.rb. - CVE-2018-1000079 -- <email address hidden> (Leonidas S. Barbosa) Wed, 04 Apr 2018 13:23:52 -0300
ruby2.3 (2.3.1-2~16.04.7) xenial-security; urgency=medium * SECURITY UPDATE: Directory traversal - debian/patches/CVE-2018-1000073.patch: fix in lib/rubygems/package.rb. - CVE-2018-1000073 * SECURITY UPDATE: Deserialization untrusted data - debian/patches/CVE-2018-1000074.patch: fix in lib/rubygems/commands/owner_command.rb, test/rubygems/test_gem_commands_owner_command.rb. - CVE-2018-1000074 * SECURITY UPDATE: Infinite loop - debian/patches/CVE-2018-1000075.patch: fix in lib/rubygems/package/tar_header.rb, test/rubygems/test_gem_package_tar_header.rb. - CVE-2018-1000075 * SECURITY UPDATE: Improper verification of crypto signature - debian/patches/CVE-2018-1000076.patch: fix in lib/rubygems/package.rb, lib/rubygems/package/tar_writer.rb, test/rubygems/test_gem_package.rb. - CVE-2018-1000076 * SECURITY UPDATE: Validation vulnerability - debian/patches/CVE-2018-1000077.patch: fix in lib/rubygems/specification.rb, test/rubygems/test_gem_specification.rb. - CVE-2018-1000077 * SECURITY UPDATE: Cross site scripting - debian/patches/CVE-2018-1000078.patch: fix in lib/rubygems/server.rb. - CVE-2018-1000078 * SECURITY UPDATE: Directory traversal - debian/patches/CVE-2018-1000079.patch: fix in lib/rubygems/package.rb. - CVE-2018-1000079 -- <email address hidden> (Leonidas S. Barbosa) Wed, 04 Apr 2018 12:16:06 -0300
Deleted in bionic-release (Reason: remove legacy ruby2.3 version) |
Superseded in bionic-release |
Deleted in bionic-proposed (Reason: moved to release) |
ruby2.3 (2.3.6-2ubuntu1) bionic; urgency=medium * Ignore TestTimeTZ Asia/Tokyo test failures. * Ignore gdbm test failures, we are removing ruby2.3 anyway. -- Matthias Klose <email address hidden> Tue, 06 Feb 2018 21:51:52 +0100
Available diffs
- diff from 2.3.6-2 (in Debian) to 2.3.6-2ubuntu1 (873 bytes)
- diff from 2.3.6-2build1 to 2.3.6-2ubuntu1 (853 bytes)
Superseded in bionic-proposed |
ruby2.3 (2.3.6-2build1) bionic; urgency=medium * No-change rebuild for ruby2.5 update. -- Matthias Klose <email address hidden> Thu, 01 Feb 2018 19:14:22 +0000
Available diffs
- diff from 2.3.6-2 (in Debian) to 2.3.6-2build1 (337 bytes)
ruby2.3 (2.3.1-2~16.04.6) xenial-security; urgency=medium * SECURITY UPDATE: fails to validate specification names - debian/patches/CVE-2017-0901-0902.patch: fix this. - CVE-2017-0901 * SECURITY UPDATE: vulnerable to a DNS hijacking - debian/patches/CVE-2017-0901-0902.patch: fix this. - CVE-2017-0902 * SECURITY UPDATE: possible remote code execution - debian/patches/CVE-2017-0903.patch: whitelist classes and symbols that are in Gem spec YAML in lib/rubygems.rb, lib/rubygems/config_file.rb, lib/rubygems/package.rb, lib/rubygems/package/old.rb, lib/rubygems/safe_yaml.rb, lib/rubygems/specification.rb. - CVE-2017-0903 -- <email address hidden> (Leonidas S. Barbosa) Tue, 30 Jan 2018 14:54:19 -0300
ruby2.3 (2.3.3-1ubuntu1.3) artful-security; urgency=medium * SECURITY UPDATE: fails to validate specification names - debian/patches/CVE-2017-0901-0902.patch: fix this. - CVE-2017-0901 * SECURITY UPDATE: vulnerable to a DNS hijacking - debian/patches/CVE-2017-0901-0902.patch: fix this. - CVE-2017-0902 * SECURITY UPDATE: possible remote code execution - debian/patches/CVE-2017-0903.patch: whitelist classes and symbols that are in Gem spec YAML in lib/rubygems.rb, lib/rubygems/config_file.rb, lib/rubygems/package.rb, lib/rubygems/package/old.rb, lib/rubygems/safe_yaml.rb, lib/rubygems/specification.rb. - CVE-2017-0903 -- <email address hidden> (Leonidas S. Barbosa) Tue, 30 Jan 2018 15:00:37 -0300
ruby2.3 (2.3.3-1ubuntu1.2) artful-security; urgency=medium * SECURITY UPDATE: possible command injection attacks through Kernel#open - debian/patches/CVE-2017-17790.patch: fix uses of Kernel#open in lib/resolv.rb. - CVE-2017-17790 * SECURITY UPDATE: possibly execute arbitrary commands via a crafted user name - debian/patches/CVE-2017-10784.patch: sanitize any type of logs in lib/webrick/httpstatus.rb, lib/webrick/log.rb and test/webrick/test_httpauth.rb. - CVE-2017-10784 * SECURITY UPDATE: denial of service via a crafted string - debian/patches/CVE-2017-14033.patch: fix in ext/openssl/ossl_asn1.c. - CVE-2017-14033 * SECURITY UPDATE: Arbitrary memory exposure during a JSON.generate call - debian/patches/CVE-2017-14064.patch: fix this in ext/json/ext/generator/generator.c and ext/json/ext/generator/generator.h. -- <email address hidden> (Leonidas S. Barbosa) Tue, 09 Jan 2018 11:41:26 -0300
ruby2.3 (2.3.1-2~16.04.5) xenial-security; urgency=medium * SECURITY UPDATE: possible command injection attacks through Kernel#open - debian/patches/CVE-2017-17790.patch: fix uses of Kernel#open in lib/resolv.rb. - CVE-2017-17790 * SECURITY UPDATE: possibly execute arbitrary commands via a crafted user name - debian/patches/CVE-2017-10784.patch: sanitize any type of logs in lib/webrick/httpstatus.rb, lib/webrick/log.rb and test/webrick/test_httpauth.rb. - CVE-2017-10784 * SECURITY UPDATE: denial of service via a crafted string - debian/patches/CVE-2017-14033.patch: fix in ext/openssl/ossl_asn1.c. - CVE-2017-14033 * SECURITY UPDATE: Arbitrary memory exposure during a JSON.generate call - debian/patches/CVE-2017-14064.patch: fix this in ext/json/ext/generator/generator.c and ext/json/ext/generator/generator.h. -- <email address hidden> (Leonidas S. Barbosa) Tue, 09 Jan 2018 11:43:22 -0300
ruby2.3 (2.3.3-1ubuntu1.1) artful-security; urgency=medium * SECURITY UPDATE: command injection through Net::FTP - debian/patches/CVE-2017-17405.patch: fix command injection in lib/net/ftp.rb, test/net/ftp/test_ftp.rb. - CVE-2017-17405 * Exclude some tests that fail in Launchpad - debian/patches/0090-Exclude-tests-that-fail-on-Ubuntu-builds.patch * Fixing issues in build with gcc7 and adding new symbols since this patch/fix requires it - debian/patches/fixing-gcc7-build-issue.patch (Closes: #853648) -- <email address hidden> (Leonidas S. Barbosa) Tue, 02 Jan 2018 09:40:17 -0300
ruby2.3 (2.3.6-2) unstable; urgency=medium * debian/patches/0011-Increase-timeout-to-avoid-build-failures-on-mips.patch: increase timeout in both tests that have one (now hopefully really Closes: #882404) * debian/rules: run tests in verbose mode during build * autopkgtest: make use of the text exclusion rules under test/excludes/ -- Antonio Terceiro <email address hidden> Fri, 22 Dec 2017 15:45:29 -0200
Available diffs
- diff from 2.3.5-1ubuntu4 (in Ubuntu) to 2.3.6-2 (11.4 KiB)
- diff from 2.3.6-1 to 2.3.6-2 (1.0 KiB)
ruby2.3 (2.3.6-1) unstable; urgency=medium [ Antonio Terceiro ] * New upstream version 2.3.6 * Update symbols file * Refresh patches. 0011-Whitelist-classes-and-symbols-that-are-in-Gem-spec-Y.patch: dropped, applied upstream [ Adrian Bunk ] * Force exact precision on i386 (Closes: #881804) [ James Cowgill ] * Increase timeout to avoid build failures on mips* (Closes: #882404) [ Matthias Klose ] * Update symbols file (Closes: #881848) * Skip tests that fail on Launchpad builders -- Antonio Terceiro <email address hidden> Fri, 22 Dec 2017 11:19:41 -0200
ruby2.3 (2.3.1-2~16.04.4) xenial-security; urgency=medium * SECURITY UPDATE: command injection through Net::FTP - debian/patches/CVE-2017-17405.patch: fix command injection in lib/net/ftp.rb, test/net/ftp/test_ftp.rb. - CVE-2017-17405 * Exclude some tests that fail in Launchpad: - debian/patches/0090-Exclude-tests-that-fail-on-Ubuntu-builds.patch -- <email address hidden> (Leonidas S. Barbosa) Mon, 18 Dec 2017 16:25:28 -0300
ruby2.3 (2.3.3-1ubuntu0.3) zesty-security; urgency=medium * SECURITY UPDATE: command injection through Net::FTP - debian/patches/CVE-2017-17405.patch: fix command injection in lib/net/ftp.rb, test/net/ftp/test_ftp.rb. - CVE-2017-17405 * Exclude some tests that fail in Launchpad: - debian/patches/0090-Exclude-tests-that-fail-on-Ubuntu-builds.patch -- <email address hidden> (Leonidas S. Barbosa) Mon, 18 Dec 2017 16:30:21 -0300
ruby2.3 (2.3.5-1ubuntu4) bionic; urgency=medium * Ignore two test failures. * Mark a symbol as optional. -- Matthias Klose <email address hidden> Wed, 15 Nov 2017 14:16:49 +0100
Available diffs
- diff from 2.3.3-1ubuntu1 to 2.3.5-1ubuntu4 (98.7 KiB)
- diff from 2.3.5-1ubuntu3 to 2.3.5-1ubuntu4 (1.5 KiB)
Superseded in bionic-proposed |
ruby2.3 (2.3.5-1ubuntu3) bionic; urgency=medium * Ignore two test failures. * Mark a symbol as optional. -- Matthias Klose <email address hidden> Wed, 15 Nov 2017 14:16:49 +0100
Available diffs
- diff from 2.3.5-1ubuntu2 to 2.3.5-1ubuntu3 (411 bytes)
Superseded in bionic-proposed |
ruby2.3 (2.3.5-1ubuntu2) bionic; urgency=medium * Ignore two test failures. * Mark a symbol as optional. -- Matthias Klose <email address hidden> Wed, 15 Nov 2017 14:16:49 +0100
Available diffs
- diff from 2.3.5-1ubuntu1 to 2.3.5-1ubuntu2 (969 bytes)
Superseded in bionic-proposed |
ruby2.3 (2.3.5-1ubuntu1) bionic; urgency=medium * Ignore two test failures. -- Matthias Klose <email address hidden> Wed, 15 Nov 2017 13:41:50 +0100
Available diffs
- diff from 2.3.5-1 (in Debian) to 2.3.5-1ubuntu1 (771 bytes)
ruby2.3 (2.3.5-1) unstable; urgency=medium * New upstream release. - Includes fix for building with GCC 7 (Closes: #853648) - Included security fixes - Buffer underrun vulnerability in OpenSSL ASN1 decode [CVE-2017-14033] (Closes: #875928) - Escape sequence injection vulnerability in the Basic authentication of WEBrick [CVE-2017-10784] (Closes: #875931) - Buffer underrun vulnerability in Kernel.sprintf [CVE-2017-0898] (Closes: #875936) - Multiple security vulnerabilities in Rubygems (Closes: #873802) - DNS request hijacking vulnerability. Discovered by Jonathan Claudius, fix by Samuel Giddins. [CVE-2017-0902] - ANSI escape sequence vulnerability. Discovered by Yusuke Endoh, fix by Evan Phoenix. [CVE-2017-0899] - DOS vulnerability in the query command. Discovered by Yusuke Endoh, fix by Samuel Giddins. [CVE-2017-0900] - Vulnerability in the gem installer that allowed a malicious gem to overwrite arbitrary files. Discovered by Yusuke Endoh, fix by Samuel Giddins. [CVE-2017-0901] - Arbitrary heap exposure problem in the JSON library [CVE-2017-14064] (Closes: #873906) - SMTP comment injection [CVE-2015-9096] (Closes: #864860) - IV Reuse in GCM Mode in the OpenSSL bindings [CVE-2016-7798] (Closes: #842432) * Whitelist classes and symbols that are in Gem spec YAML [CVE-2017-0903] (Closes: #879231) Original patch by Aaron Patterson; backported from the standalone Rubygems package * Convert packaging from using a plain git history to using gbp-pq, thus making debian individual patches explicitly present in debian/patches * Refresh debian/libruby2.3.symbols. There are some removed symbols, but they are never exposed in a header file so there should be no packages using them. -- Antonio Terceiro <email address hidden> Tue, 14 Nov 2017 11:06:39 -0200
Available diffs
- diff from 2.3.3-1+deb9u1 to 2.3.5-1 (99.2 KiB)
Superseded in bionic-proposed |
ruby2.3 (2.3.3-1+deb9u1) stretch-security; urgency=high * Fix arbitrary heap exposure problem in the JSON library (Closes: #873906) [CVE-2017-14064] - Backported for Ruby 2.3 by Hiroshi SHIBATA <email address hidden> https://bugs.ruby-lang.org/issues/13853 * Fix multiple security vulnerabilities in Rubygems (Closes: #873802) - Fix a DNS request hijacking vulnerability. Discovered by Jonathan Claudius, fix by Samuel Giddins. [CVE-2017-0902] - Fix an ANSI escape sequence vulnerability. Discovered by Yusuke Endoh, fix by Evan Phoenix. [CVE-2017-0899] - Fix a DOS vulnerability in the query command. Discovered by Yusuke Endoh, fix by Samuel Giddins. [CVE-2017-0900] - Fix a vulnerability in the gem installer that allowed a malicious gem to overwrite arbitrary files. Discovered by Yusuke Endoh, fix by Samuel Giddins. [CVE-2017-0901] * Fix SMTP comment injection (Closes: #864860) Patch by Shugo Maeda <email address hidden> [CVE-2015-9096] * Fix IV Reuse in GCM Mode (Closes: #842432) Patch by Kazuki Yamaguchi <email address hidden> [CVE-2016-7798] -- Antonio Terceiro <email address hidden> Sat, 02 Sep 2017 15:11:07 -0300
ruby2.3 (2.3.1-2~16.04.2) xenial-security; urgency=medium * SECURITY UPDATE: SMTP command injection - debian/patches/CVE-2015-9096.patch: don't allow bare CR or LF in lib/net/smtp.rb, added test to test/net/smtp/test_smtp.rb. - CVE-2015-9096 * SECURITY UPDATE: use of same initialization vector (IV) - debian/patches/CVE-2016-7798.patch: don't set dummy key in ext/openssl/ossl_cipher.c, added test to test/openssl/test_cipher.rb. - CVE-2016-7798 * debian/rules: enable full test suite * debian/control: added netbase to Build-Depends * debian/patches/fix_tests.patch: fix tests that do not work correctly. -- Marc Deslauriers <email address hidden> Tue, 20 Jun 2017 11:05:02 -0400
Superseded in bionic-release |
Obsolete in artful-release |
Deleted in artful-proposed (Reason: moved to release) |
ruby2.3 (2.3.3-1ubuntu1) artful; urgency=medium * SECURITY UPDATE: SMTP command injection - debian/patches/CVE-2015-9096.patch: don't allow bare CR or LF in lib/net/smtp.rb, added test to test/net/smtp/test_smtp.rb. - CVE-2015-9096 * SECURITY UPDATE: use of same initialization vector (IV) - debian/patches/CVE-2016-7798.patch: don't set dummy key in ext/openssl/ossl_cipher.c, added test to test/openssl/test_cipher.rb. - CVE-2016-7798 -- Marc Deslauriers <email address hidden> Fri, 16 Jun 2017 10:27:43 -0400
ruby2.3 (2.3.3-1ubuntu0.1) zesty-security; urgency=medium * SECURITY UPDATE: SMTP command injection - debian/patches/CVE-2015-9096.patch: don't allow bare CR or LF in lib/net/smtp.rb, added test to test/net/smtp/test_smtp.rb. - CVE-2015-9096 * SECURITY UPDATE: use of same initialization vector (IV) - debian/patches/CVE-2016-7798.patch: don't set dummy key in ext/openssl/ossl_cipher.c, added test to test/openssl/test_cipher.rb. - CVE-2016-7798 -- Marc Deslauriers <email address hidden> Fri, 16 Jun 2017 11:23:32 -0400
Superseded in artful-release |
Obsolete in zesty-release |
Deleted in zesty-proposed (Reason: moved to release) |
ruby2.3 (2.3.3-1) unstable; urgency=medium * New upstream version. -- Christian Hofstaedtler <email address hidden> Tue, 22 Nov 2016 12:32:41 +0000
Available diffs
- diff from 2.3.1-5build2 (in Ubuntu) to 2.3.3-1 (100.9 KiB)
- diff from 2.3.2-1 to 2.3.3-1 (5.3 KiB)
ruby2.3 (2.3.2-1) unstable; urgency=medium * New upstream version. -- Christian Hofstaedtler <email address hidden> Wed, 16 Nov 2016 01:31:08 +0000
Available diffs
- diff from 2.3.1-6 to 2.3.2-1 (98.9 KiB)
ruby2.3 (2.3.1-6) unstable; urgency=medium * debian/rules: honor 'nocheck' flag in DEB_BUILD_OPTIONS (Closes: #842768). Thanks to John Paul Adrian Glaubitz for the patch. * Build-Depends on libssl1.0-dev. Ruby 2.3 is not likely to get OpenSSL 1.1 compatibility (see #828535) -- Antonio Terceiro <email address hidden> Wed, 09 Nov 2016 14:38:59 -0200
Superseded in zesty-release |
Obsolete in yakkety-release |
Deleted in yakkety-proposed (Reason: moved to release) |
ruby2.3 (2.3.1-5build2) yakkety; urgency=medium * No-change rebuild for readline soname change. -- Matthias Klose <email address hidden> Sun, 18 Sep 2016 10:16:17 +0000
Available diffs
- diff from 2.3.1-5 (in Debian) to 2.3.1-5build2 (357 bytes)
- diff from 2.3.1-5build1 to 2.3.1-5build2 (293 bytes)
Superseded in yakkety-proposed |
ruby2.3 (2.3.1-5build1) yakkety; urgency=medium * No-change rebuild for readline soname change. -- Matthias Klose <email address hidden> Sat, 17 Sep 2016 12:09:12 +0000
Available diffs
- diff from 2.3.1-5 (in Debian) to 2.3.1-5build1 (335 bytes)
ruby2.3 (2.3.1-5) unstable; urgency=medium * Increase timeout for test_array.rb test_permutation_stack_error, as Array#permutation is very slow on armel, mips, mipsel. Forwarded to upstream as issue #12502. * Disable test_process.rb test_aspawn_too_long_path, as it uses ~2GB of RAM and a lot of CPU time before finally failing on mips, mipsel. Forwarded to upstream as issue #12500. * Increase timeout for test_gc.rb test_gc_parameter, for mips, mipsel. -- Christian Hofstaedtler <email address hidden> Fri, 17 Jun 2016 23:30:49 +0000
Available diffs
- diff from 2.3.1-2 to 2.3.1-5 (3.7 KiB)
- diff from 2.3.1-4 to 2.3.1-5 (1.6 KiB)
ruby2.3 (2.3.1-4) unstable; urgency=medium * Backport some test changes from Ruby trunk, to fix (some) build failures on archs other than amd64, i386, ppc64el, s390x. -- Christian Hofstaedtler <email address hidden> Wed, 15 Jun 2016 07:32:02 +0000
Available diffs
- diff from 2.3.1-3 to 2.3.1-4 (1.0 KiB)
ruby2.3 (2.3.1-2~16.04) xenial-proposed; urgency=medium * SRU: LP: #1589271, backport 2.3.1 to 16.04 LTS. * Fixes tests on s390x. LP: #1556783.
Available diffs
- diff from 2.3.0-5ubuntu1 to 2.3.1-2~16.04 (80.6 KiB)
ruby2.3 (2.3.1-3) unstable; urgency=medium * Replace libruby2.3-dbg with automatic dbgsym packages. * Avoid unreproducible rbconfig.rb (always use bash to build). * rdoc: sort input filenames in a consistent way (for reproducible). * Run full testsuite during build (make check instead of make test). -- Christian Hofstaedtler <email address hidden> Tue, 14 Jun 2016 20:47:45 +0000
Available diffs
- diff from 2.3.1-2 to 2.3.1-3 (2.5 KiB)
ruby2.3 (2.3.1-2) unstable; urgency=medium [ Antonio Terceiro ] * debian/tests/known-failures.txt: remove test that now passes (test/rinda/test_rinda.rb) * debian/rules: enable bindnow hardening option (Closes: #822288) * debian/copyright: update and simplify copyright annotations for Unicode files under enc/trans/JIS/ * Bump Standards-Version to 3.9.8 (no changes needed) [ Christian Hofstaedtler ] * Stop providing ruby-interpreter. Only packages providing /usr/bin/ruby can be a credible provider of ruby-interpreter. (Closes: #822072) * Raise priority to "optional", now that ruby2.2 is gone, although the value of this change is unclear. (Closes: #822911) * Apply patch from Reiner Herrmann <email address hidden> to help with reproducibility of mkmf.rb using packages. (Closes: #825569) -- Christian Hofstaedtler <email address hidden> Mon, 30 May 2016 12:14:46 +0000
Available diffs
- diff from 2.3.1-1 to 2.3.1-2 (2.3 KiB)
ruby2.3 (2.3.1-1) unstable; urgency=medium * Call make install-doc, install-nodoc with V=1, for diagnosing build failures. * New upstream TEENY version. -- Christian Hofstaedtler <email address hidden> Wed, 27 Apr 2016 07:40:42 +0000
Superseded in yakkety-release |
Published in xenial-release |
Deleted in xenial-proposed (Reason: moved to release) |
ruby2.3 (2.3.0-5ubuntu1) xenial; urgency=medium * Merge with Debian; remaining changes: - Don't run tests on s390x, hanging on the buildds.
Available diffs
- diff from 2.3.0-4ubuntu3 to 2.3.0-5ubuntu1 (2.2 KiB)
- diff from 2.3.0-5 (in Debian) to 2.3.0-5ubuntu1 (735 bytes)
ruby2.3 (2.3.0-5) unstable; urgency=medium * Set gzip embedded mtime field to fixed value for rdoc-generated compressed javascript data. Helps with reproducibility of rdoc-using packages. * Build tcltk extension for Tcl/Tk 8.6. * Apply patch from upstream to fix crash in Proc binding. (ruby-core: 74100, trunk r54128, bug #12137). (Closes: #816161) -- Christian Hofstaedtler <email address hidden> Wed, 16 Mar 2016 23:36:12 +0000
ruby2.3 (2.3.0-4ubuntu3) xenial; urgency=medium * Build using Tcl/Tk 8.6. -- Matthias Klose <email address hidden> Mon, 14 Mar 2016 11:25:22 +0100
Available diffs
- diff from 2.3.0-4ubuntu2 to 2.3.0-4ubuntu3 (722 bytes)
ruby2.3 (2.3.0-4ubuntu2) xenial; urgency=medium * Don't run tests on s390x, hanging on the buildds. * Ignore test results on i386. -- Matthias Klose <email address hidden> Mon, 14 Mar 2016 09:02:50 +0100
Available diffs
- diff from 2.3.0-2 (in Debian) to 2.3.0-4ubuntu2 (3.2 KiB)
- diff from 2.3.0-4ubuntu1 to 2.3.0-4ubuntu2 (496 bytes)
Superseded in xenial-proposed |
ruby2.3 (2.3.0-4ubuntu1) xenial; urgency=medium * Ignore test results on s390x. -- Matthias Klose <email address hidden> Mon, 14 Mar 2016 09:02:50 +0100
Available diffs
- diff from 2.3.0-4 (in Debian) to 2.3.0-4ubuntu1 (502 bytes)
ruby2.3 (2.3.0-4) unstable; urgency=medium * Apply patch from upstream to fix deserializing OpenStruct via Psych, (ruby-core: 72501, trunk r53366). (Closes: #816358) -- Christian Hofstaedtler <email address hidden> Tue, 01 Mar 2016 22:41:19 +0100
Available diffs
- diff from 2.3.0-2 to 2.3.0-4 (3.0 KiB)
Superseded in xenial-release |
Superseded in xenial-release |
Deleted in xenial-proposed (Reason: moved to release) |
ruby2.3 (2.3.0-2) unstable; urgency=medium * debian/libruby2.3.symbols: update with new symbols introduced right before the final 2.3.0 release. * libruby2.3: add dependencies on rake, ruby-did-you-mean and ruby-net-telnet -- Antonio Terceiro <email address hidden> Sat, 30 Jan 2016 09:20:31 -0200
Available diffs
- diff from 2.3.0-1 to 2.3.0-2 (1.0 KiB)
ruby2.3 (2.3.0-1) unstable; urgency=medium [ Antonio Terceiro ] * Ruby 2.3 * debian/tests/bundled-gems: check if all libraries that are supposed to be bundled are present, with a version greater than or equal to the one specified in gems/bundled_gems * debian/tests/run-all: filter failures against list of known failures. Pass if only the tests listed in debian/tests/known-failures.txt fail, fail otherwise. This will help catch regressions. * debian/copyright: update wrt new files in the distribution [ Christian Hofstaedtler ] * autopkgtest: depend on all packages so we actually have header files installed. -- Antonio Terceiro <email address hidden> Mon, 28 Dec 2015 09:17:47 -0300