Change log for ruby2.3 package in Ubuntu

Published in xenial-updates
Published in xenial-security
ruby2.3 (2.3.1-2~ubuntu16.04.16) xenial-security; urgency=medium

  * SECURITY UPDATE: XML round-trip vulnerability in REXML
    - debian/patches/CVE-2021-28965.patch: update to REXML 3.1.7.4.
    - CVE-2021-28965

 -- Marc Deslauriers <email address hidden>  Thu, 15 Apr 2021 10:39:41 -0400
Superseded in xenial-updates
Superseded in xenial-security
ruby2.3 (2.3.1-2~ubuntu16.04.15) xenial-security; urgency=medium

  * SECURITY UPDATE: Unsafe Object Creation Vulnerability in JSON gem
    - debian/patches/CVE-2020-10663.patch: set json->create_additions to 0
      in ext/json/parser/parser.c, ext/json/parser/parser.rl.
    - CVE-2020-10663
  * SECURITY UPDATE: HTTP Request Smuggling attack in WEBrick
    - debian/patches/CVE-2020-25613.patch: make it more strict to interpret
      some headers in lib/webrick/httprequest.rb.
    - CVE-2020-25613

 -- Marc Deslauriers <email address hidden>  Tue, 16 Mar 2021 11:03:56 -0400
Superseded in xenial-updates
Superseded in xenial-security
ruby2.3 (2.3.1-2~ubuntu16.04.14) xenial-security; urgency=medium

  * SECURITY UPDATE: NULL injection vulnerability
    - debian/patches/CVE-2019-15845.patch: ensure that
      pattern does not contain a NULL character in dir.c,
      test/ruby/test_fnmatch.rb.
    - CVE-2019-15845
  * SECURITY UPDATE: Denial of service vulnerability
    - debian/patches/CVE-2019-16201.patch: fix in
      lib/webrick/httpauth/digestauth.rb,
      test/webrick/test_httpauth.rb.
    - CVE-2019-16201
  * SECURITY UPDATE: HTTP response splitting in WEBrick
    - debian/patches/CVE-2019-16254.patch: prevent response
      splitting and header injection in lib/webrick/httpresponse.rb,
      test/webrick/test_httpresponse.rb.
    - CVE-2019-16254
  * SECURITY UPDATE: Code injection
    - debian/patches/CVE-2019-16255.patch: prevent unknown command
      in lib/shell/command-processor.rb, test/shell/test_command_processor.rb.
    - CVE-2019-16255

 -- <email address hidden> (Leonidas S. Barbosa)  Mon, 25 Nov 2019 12:24:34 -0300
Superseded in xenial-updates
Deleted in xenial-proposed (Reason: moved to -updates)
ruby2.3 (2.3.1-2~ubuntu16.04.13) xenial; urgency=medium

  * d/p/do-not-wakeup-inside-child-processes.patch: avoid child ruby processes
    being stuck in a busy loop (LP: #1834072)

 -- Andreas Hasenack <email address hidden>  Tue, 25 Jun 2019 11:52:54 -0300
Superseded in xenial-updates
Superseded in xenial-security
ruby2.3 (2.3.1-2~16.04.12) xenial-security; urgency=medium

  * SECURITY UPDATE: Delete directory using symlink when decompressing tar,
    Escape sequence injection vulnerability in gem owner, Escape sequence
    injection vulnerability in API response handling, Arbitrary code exec,
    Escape sequence injection vulnerability in errors
    - debian/patches/CVE-2019-8320-25.patch: fix in
      lib/rubygems/command_manager.rb,
      lib/rubygems/commands/owner_command.rb,
      lib/rubygems/gemcutter_utilities.rb,
      lib/rubygems/installer.rb,
      lib/rubygems/package.rb,
      test/rubygems/test_gem_package.rb,
      test/rubygems/test_gem_installer.rb,
      test/rubygems/test_gem_text.rb.
    - CVE-2019-8320
    - CVE-2019-8321
    - CVE-2019-8322
    - CVE-2019-8323
    - CVE-2019-8324
    - CVE-2019-8325
  * Fixing expired certification that causes tests to fail
    - debian/patches/fixing_expired_SSL_certificates.patch: fix in
      test/net/imap/cacert.pen, test/net/imap/server.crt,
      test/net/imap/server.key.
  * Added lisbon_tz test to excluded tests
    - debian/patches/0001-excluding_lisbon_tz_test.patch:
      test/excludes/TestTimeTZ.rb.
  * Fixing symlink expanding issue that makes some tests and gems fail
    - debian/patches/fixing_symlink_expanding_issue.patch: fix in
      lib/rubygems/package.rb, test/rubygems/test_gem_package.rb.

 -- <email address hidden> (Leonidas S. Barbosa)  Wed, 03 Apr 2019 12:30:36 -0300
Superseded in xenial-updates
Superseded in xenial-security
ruby2.3 (2.3.1-2~16.04.11) xenial-security; urgency=medium

  * SECURITY UPDATE: Name equality check
    - debian/patches/CVE-2018-16395.patch: fix in
      ext/openssl/ossl_x509name.c.
    - CVE-2018-16395
  * SECURITY UPDATE: Tainted flags not propagated
    - debian/patches/CVE-2018-16396.patch: fix in
      pack.c, test/ruby/test_pack.rb.
    - CVE-2018-16396
  * fixing tz test issue
    - debian/patches/fixing_tz_tests.patch

 -- <email address hidden> (Leonidas S. Barbosa)  Tue, 30 Oct 2018 10:59:03 -0300
Obsolete in artful-updates
Obsolete in artful-security
ruby2.3 (2.3.3-1ubuntu1.6) artful-security; urgency=medium

  * SECURITY UPDATE: Malicious format string - buffer overrun
    - debian/patches/CVE-2017-0898.patch: fix in sprintf.c,
      test/ruby/test_sprintf.rb.
    - CVE-2017-0898
  * SECURITY UPDATE: Response splitting attack
    - debian/patches/CVE-2017-17742.patch: fix in webrick/httpresponse.rb,
      test/webrick/test_httpresponse.rb.
    - CVE-2017-17742
  * SECURITY UPDATE: Denial of service
    - debian/patches/CVE-2018-8777*.patch: fix in lib/webrick/httpresponse.rb,
      lib/webrick/httpservlet/filehandler.rb,
      test/webrick/test_filehandler.rb, test/webrick/test_httpresponse.rb.
    - CVE-2018-8777

 -- <email address hidden> (Leonidas S. Barbosa)  Mon, 11 Jun 2018 10:06:34 -0300
Superseded in xenial-updates
Superseded in xenial-security
ruby2.3 (2.3.1-2~16.04.10) xenial-security; urgency=medium

  * SECURITY UPDATE: Malicious format string - buffer overrun
    - debian/patches/CVE-2017-0898.patch: fix in sprintf.c,
      test/ruby/test_sprintf.rb.
    - CVE-2017-0898
  * SECURITY UPDATE: Response splitting attack
    - debian/patches/CVE-2017-17742.patch: fix in webrick/httpresponse.rb,
      test/webrick/test_httpresponse.rb.
    - CVE-2017-17742
  * SECURITY UPDATE: Denial of service
    - debian/patches/CVE-2018-8777*.patch: fix in lib/webrick/httpresponse.rb,
      lib/webrick/httpservlet/filehandler.rb,
      test/webrick/test_filehandler.rb, test/webrick/test_httpresponse.rb.
    - CVE-2018-8777

 -- <email address hidden> (Leonidas S. Barbosa)  Fri, 08 Jun 2018 11:24:57 -0300
Superseded in artful-updates
Superseded in artful-security
ruby2.3 (2.3.3-1ubuntu1.5) artful-security; urgency=medium

  * SECURITY UPDATE: Directory traversal vulnerability
    - debian/patches/CVE-2018-6914.patch: fix in lib/tmpdir.rb,
      test/test_tempfile.rb.
    - CVE-2018-6914
  * SECURITY UPDATE: Buffer under-read
    - debian/patches/CVE-2018-8778.patch: fix in pack.c,
      test/ruby/test_pack.rb.
    - CVE-2018-8778
  * SECURITY UPDATE: Unintended socket
    - debian/patches/CVE-2018-8779.patch: fix in ext/socket/unixsocket.c,
      test/socket/test_unix.rb.
    - CVE-2018-8779
  * SECURITY UPDATE: Directory traversal
    - debian/patches/CVE-2018-8780.patch: fix in dir.c,
      test/ruby/test_dir.rb.
    - CVE-2018-8780

 -- <email address hidden> (Leonidas S. Barbosa)  Fri, 13 Apr 2018 13:21:34 -0300
Superseded in xenial-updates
Superseded in xenial-security
ruby2.3 (2.3.1-2~16.04.9) xenial-security; urgency=medium

  * SECURITY UPDATE: Directory traversal vulnerability
    - debian/patches/CVE-2018-6914.patch: fix in lib/tmpdir.rb,
      test/test_tempfile.rb.
    - CVE-2018-6914
  * SECURITY UPDATE: Buffer under-read
    - debian/patches/CVE-2018-8778.patch: fix in pack.c,
      test/ruby/test_pack.rb.
    - CVE-2018-8778
  * SECURITY UPDATE: Unintended socket
    - debian/patches/CVE-2018-8779.patch: fix in ext/socket/unixsocket.c,
      test/socket/test_unix.rb.
    - CVE-2018-8779
  * SECURITY UPDATE: Directory traversal
    - debian/patches/CVE-2018-8780.patch: fix in dir.c,
      test/ruby/test_dir.rb.
    - CVE-2018-8780

 -- <email address hidden> (Leonidas S. Barbosa)  Fri, 13 Apr 2018 11:38:20 -0300
Superseded in artful-updates
Superseded in artful-security
ruby2.3 (2.3.3-1ubuntu1.4) artful-security; urgency=medium

  * SECURITY UPDATE: Directory traversal
    - debian/patches/CVE-2018-1000073.patch: fix in
      lib/rubygems/package.rb.
    - CVE-2018-1000073
  * SECURITY UPDATE: Deserialization untrusted data
    - debian/patches/CVE-2018-1000074.patch: fix in
      lib/rubygems/commands/owner_command.rb,
      test/rubygems/test_gem_commands_owner_command.rb.
    - CVE-2018-1000074
  * SECURITY UPDATE: Infinite loop
    - debian/patches/CVE-2018-1000075.patch: fix in
      lib/rubygems/package/tar_header.rb,
      test/rubygems/test_gem_package_tar_header.rb.
    - CVE-2018-1000075
  * SECURITY UPDATE: Improper verification of crypto
    signature
    - debian/patches/CVE-2018-1000076.patch: fix in
      lib/rubygems/package.rb, lib/rubygems/package/tar_writer.rb,
      test/rubygems/test_gem_package.rb.
    - CVE-2018-1000076
  * SECURITY UPDATE: Validation vulnerability
    - debian/patches/CVE-2018-1000077.patch: fix in
      lib/rubygems/specification.rb,
      test/rubygems/test_gem_specification.rb.
    - CVE-2018-1000077
  * SECURITY UPDATE: Cross site scripting
    - debian/patches/CVE-2018-1000078.patch: fix in
      lib/rubygems/server.rb.
    - CVE-2018-1000078
  * SECURITY UPDATE: Directory traversal
    - debian/patches/CVE-2018-1000079.patch: fix in
      lib/rubygems/package.rb.
    - CVE-2018-1000079

 -- <email address hidden> (Leonidas S. Barbosa)  Wed, 04 Apr 2018 13:23:52 -0300
Superseded in xenial-updates
Superseded in xenial-security
ruby2.3 (2.3.1-2~16.04.7) xenial-security; urgency=medium

  * SECURITY UPDATE: Directory traversal
    - debian/patches/CVE-2018-1000073.patch: fix in
      lib/rubygems/package.rb.
    - CVE-2018-1000073
  * SECURITY UPDATE: Deserialization untrusted data
    - debian/patches/CVE-2018-1000074.patch: fix in
      lib/rubygems/commands/owner_command.rb,
      test/rubygems/test_gem_commands_owner_command.rb.
    - CVE-2018-1000074
  * SECURITY UPDATE: Infinite loop
    - debian/patches/CVE-2018-1000075.patch: fix in
      lib/rubygems/package/tar_header.rb,
      test/rubygems/test_gem_package_tar_header.rb.
    - CVE-2018-1000075
  * SECURITY UPDATE: Improper verification of crypto
    signature
    - debian/patches/CVE-2018-1000076.patch: fix in
      lib/rubygems/package.rb, lib/rubygems/package/tar_writer.rb,
      test/rubygems/test_gem_package.rb.
    - CVE-2018-1000076
  * SECURITY UPDATE: Validation vulnerability
    - debian/patches/CVE-2018-1000077.patch: fix in
      lib/rubygems/specification.rb,
      test/rubygems/test_gem_specification.rb.
    - CVE-2018-1000077
  * SECURITY UPDATE: Cross site scripting
    - debian/patches/CVE-2018-1000078.patch: fix in
      lib/rubygems/server.rb.
    - CVE-2018-1000078
  * SECURITY UPDATE: Directory traversal
    - debian/patches/CVE-2018-1000079.patch: fix in
      lib/rubygems/package.rb.
    - CVE-2018-1000079

 -- <email address hidden> (Leonidas S. Barbosa)  Wed, 04 Apr 2018 12:16:06 -0300
Deleted in bionic-release (Reason: remove legacy ruby2.3 version)
Superseded in bionic-release
Deleted in bionic-proposed (Reason: moved to release)
ruby2.3 (2.3.6-2ubuntu1) bionic; urgency=medium

  * Ignore TestTimeTZ Asia/Tokyo test failures.
  * Ignore gdbm test failures, we are removing ruby2.3 anyway.

 -- Matthias Klose <email address hidden>  Tue, 06 Feb 2018 21:51:52 +0100
Superseded in bionic-proposed
ruby2.3 (2.3.6-2build1) bionic; urgency=medium

  * No-change rebuild for ruby2.5 update.

 -- Matthias Klose <email address hidden>  Thu, 01 Feb 2018 19:14:22 +0000
Superseded in xenial-updates
Superseded in xenial-security
ruby2.3 (2.3.1-2~16.04.6) xenial-security; urgency=medium

  * SECURITY UPDATE: fails to validate specification names
    - debian/patches/CVE-2017-0901-0902.patch: fix this.
    - CVE-2017-0901
  * SECURITY UPDATE: vulnerable to a DNS hijacking
    - debian/patches/CVE-2017-0901-0902.patch: fix this.
    - CVE-2017-0902
  * SECURITY UPDATE: possible remote code execution
    - debian/patches/CVE-2017-0903.patch: whitelist classes
      and symbols that are in Gem spec YAML in lib/rubygems.rb,
      lib/rubygems/config_file.rb, lib/rubygems/package.rb,
      lib/rubygems/package/old.rb, lib/rubygems/safe_yaml.rb,
      lib/rubygems/specification.rb.
    - CVE-2017-0903

 -- <email address hidden> (Leonidas S. Barbosa)  Tue, 30 Jan 2018 14:54:19 -0300
Superseded in artful-updates
Superseded in artful-security
ruby2.3 (2.3.3-1ubuntu1.3) artful-security; urgency=medium

  * SECURITY UPDATE: fails to validate specification names
    - debian/patches/CVE-2017-0901-0902.patch: fix this.
    - CVE-2017-0901
  * SECURITY UPDATE: vulnerable to a DNS hijacking
    - debian/patches/CVE-2017-0901-0902.patch: fix this.
    - CVE-2017-0902
  * SECURITY UPDATE: possible remote code execution
    - debian/patches/CVE-2017-0903.patch: whitelist classes
      and symbols that are in Gem spec YAML in lib/rubygems.rb,
      lib/rubygems/config_file.rb, lib/rubygems/package.rb,
      lib/rubygems/package/old.rb, lib/rubygems/safe_yaml.rb,
      lib/rubygems/specification.rb.
    - CVE-2017-0903

 -- <email address hidden> (Leonidas S. Barbosa)  Tue, 30 Jan 2018 15:00:37 -0300
Superseded in artful-updates
Superseded in artful-security
ruby2.3 (2.3.3-1ubuntu1.2) artful-security; urgency=medium

  * SECURITY UPDATE: possible command injection attacks through
    kernel#open
    - debian/patches/CVE-2017-17790.patch: fix uses of Kernel#open in
      lib/resolv.rb.
    - CVE-2017-17790
  * SECURITY UPDATE: possibly execute arbitrary commands via a crafted user name
    - debian/patches/CVE-2017-10784.patch: sanitize any type of logs in
      lib/webrick/httpstatus.rb, lib/webrick/log.rb and test/webrick/test_httpauth.rb.
    - CVE-2017-10784
  * SECURITY UPDATE: denial of service via a crafted string
    - debian/patches/CVE-2017-14033.patch: fix in ext/openssl/ossl_asn1.c.
    - CVE-2017-14033
  * SECURITY UPDATE: Arbitrary memory exposure during a JSON.generate call
    - debian/patches/CVE-2017-14064.patch: fix this in
      ext/json/ext/generator/generator.c and ext/json/ext/generator/generator.h.

 -- <email address hidden> (Leonidas S. Barbosa)  Tue, 09 Jan 2018 11:41:26 -0300
Superseded in xenial-updates
Superseded in xenial-security
ruby2.3 (2.3.1-2~16.04.5) xenial-security; urgency=medium

  * SECURITY UPDATE: possible command injection attacks through
    kernel#open
    - debian/patches/CVE-2017-17790.patch: fix uses of Kernel#open in
      lib/resolv.rb.
    - CVE-2017-17790
  * SECURITY UPDATE: possibly execute arbitrary commands via a crafted user name
    - debian/patches/CVE-2017-10784.patch: sanitize any type of logs in
      lib/webrick/httpstatus.rb, lib/webrick/log.rb and test/webrick/test_httpauth.rb.
    - CVE-2017-10784
  * SECURITY UPDATE: denial of service via a crafted string
    - debian/patches/CVE-2017-14033.patch: fix in ext/openssl/ossl_asn1.c.
    - CVE-2017-14033
  * SECURITY UPDATE: Arbitrary memory exposure during a JSON.generate call
    - debian/patches/CVE-2017-14064.patch: fix this in
      ext/json/ext/generator/generator.c and ext/json/ext/generator/generator.h.

 -- <email address hidden> (Leonidas S. Barbosa)  Tue, 09 Jan 2018 11:43:22 -0300
Superseded in artful-updates
Superseded in artful-security
ruby2.3 (2.3.3-1ubuntu1.1) artful-security; urgency=medium

  * SECURITY UPDATE: command injection through Net::FTP
    - debian/patches/CVE-2017-17405.patch: fix command injection
      in lib/net/ftp.rb, test/net/ftp/test_ftp.rb.
    - CVE-2017-17405
  * Exclude some tests that fail in launchpad
    - debian/patches/0090-Exclude-tests-that-fail-on-Ubuntu-builds.patch
  * Fixing issues in build with gcc7 and adding new symbols since this
    patch/fix requires it
    - debian/patches/fixing-gcc7-build-issue.patch (Closes: #853648)

 -- <email address hidden> (Leonidas S. Barbosa)  Tue, 02 Jan 2018 09:40:17 -0300
Superseded in bionic-release
Deleted in bionic-proposed (Reason: moved to release)
ruby2.3 (2.3.6-2) unstable; urgency=medium

  * debian/patches/0011-Increase-timeout-to-avoid-build-failures-on-mips.patch:
    increase timeout in both tests that have one
    (now hopefully really Closes: #882404)
  * debian/rules: run tests in verbose mode during build
  * autopkgtest: make use of the text exclusion rules under test/excludes/

 -- Antonio Terceiro <email address hidden>  Fri, 22 Dec 2017 15:45:29 -0200
Superseded in bionic-proposed
ruby2.3 (2.3.6-1) unstable; urgency=medium

  [ Antonio Terceiro ]
  * New upstream version 2.3.6
  * Update symbols file
  * Refresh patches.
    0011-Whitelist-classes-and-symbols-that-are-in-Gem-spec-Y.patch:
    dropped, applied upstream

  [ Adrian Bunk ]
  * Force exact precision on i386 (Closes: #881804)

  [ James Cowgill ]
  * Increase timeout to avoid build failures on mips* (Closes: #882404)

  [ Matthias Klose ]
  * Update symbols file (Closes: #881848)
  * Skip tests that fail on Launchpad builders

 -- Antonio Terceiro <email address hidden>  Fri, 22 Dec 2017 11:19:41 -0200
Superseded in xenial-updates
Superseded in xenial-security
ruby2.3 (2.3.1-2~16.04.4) xenial-security; urgency=medium

  * SECURITY UPDATE: command injection through Net::FTP
    - debian/patches/CVE-2017-17405.patch: fix command injection
      in lib/net/ftp.rb, test/net/ftp/test_ftp.rb.
    - CVE-2017-17405
  * Exclude some tests that fail in launchpad:
    - debian/patches/0090-Exclude-tests-that-fail-on-Ubuntu-builds.patch

 -- <email address hidden> (Leonidas S. Barbosa)  Mon, 18 Dec 2017 16:25:28 -0300
Obsolete in zesty-updates
Obsolete in zesty-security
ruby2.3 (2.3.3-1ubuntu0.3) zesty-security; urgency=medium

  * SECURITY UPDATE: command injection through Net::FTP
    - debian/patches/CVE-2017-17405.patch: fix command injection
      in lib/net/ftp.rb, test/net/ftp/test_ftp.rb.
    - CVE-2017-17405
  * Exclude some tests that fail in launchpad:
    - debian/patches/0090-Exclude-tests-that-fail-on-Ubuntu-builds.patch

 -- <email address hidden> (Leonidas S. Barbosa)  Mon, 18 Dec 2017 16:30:21 -0300
Superseded in bionic-release
Deleted in bionic-proposed (Reason: moved to release)
ruby2.3 (2.3.5-1ubuntu4) bionic; urgency=medium

  * Ignore two test failures.
  * Mark a symbol as optional.

 -- Matthias Klose <email address hidden>  Wed, 15 Nov 2017 14:16:49 +0100
Superseded in bionic-proposed
ruby2.3 (2.3.5-1ubuntu3) bionic; urgency=medium

  * Ignore two test failures.
  * Mark a symbol as optional.

 -- Matthias Klose <email address hidden>  Wed, 15 Nov 2017 14:16:49 +0100
Superseded in bionic-proposed
ruby2.3 (2.3.5-1ubuntu2) bionic; urgency=medium

  * Ignore two test failures.
  * Mark a symbol as optional.

 -- Matthias Klose <email address hidden>  Wed, 15 Nov 2017 14:16:49 +0100
Superseded in bionic-proposed
ruby2.3 (2.3.5-1ubuntu1) bionic; urgency=medium

  * Ignore two test failures.

 -- Matthias Klose <email address hidden>  Wed, 15 Nov 2017 13:41:50 +0100
Superseded in bionic-proposed
ruby2.3 (2.3.5-1) unstable; urgency=medium

  * New upstream release.
    - Includes fix for building with GCC 7 (Closes: #853648)
    - Included security fixes
      - Buffer underrun vulnerability in OpenSSL ASN1 decode
        [CVE-2017-14033] (Closes: #875928)
      - Escape sequence injection vulnerability in the Basic authentication of
        WEBrick
        [CVE-2017-10784] (Closes: #875931)
      - Buffer underrun vulnerability in Kernel.sprintf
        [CVE-2017-0898] (Closes: #875936)
      - Multiple security vulnerabilities in Rubygems (Closes: #873802)
        - DNS request hijacking vulnerability. Discovered by Jonathan
          Claudius, fix by Samuel Giddins.
          [CVE-2017-0902]
        - ANSI escape sequence vulnerability. Discovered by Yusuke Endoh,
          fix by Evan Phoenix.
          [CVE-2017-0899]
        - DOS vulnerability in the query command. Discovered by Yusuke
          Endoh, fix by Samuel Giddins.
          [CVE-2017-0900]
        - Vulnerability in the gem installer that allowed a malicious gem to
          overwrite arbitrary files. Discovered by Yusuke Endoh, fix by Samuel
          Giddins.
          [CVE-2017-0901]
        - Arbitrary heap exposure problem in the JSON library
          [CVE-2017-14064] (Closes: #873906)
        - SMTP comment injection
          [CVE-2015-9096] (Closes: #864860)
        - IV Reuse in GCM Mode in the OpenSSL bindings
          [CVE-2016-7798] (Closes: #842432)
  * Whitelist classes and symbols that are in Gem spec YAML
    [CVE-2017-0903] (Closes: #879231)
    Original patch by Aaron Patterson; backported from the standalone Rubygems
    package
  * Convert packaging from using a plain git history to using gbp-pq, thus
    making debian individual patches explicitly present in debian/patches
  * Refresh debian/libruby2.3.symbols. There are some removed symbols, but
    they are never exposed in a header file so there should be no packages
    using them.

 -- Antonio Terceiro <email address hidden>  Tue, 14 Nov 2017 11:06:39 -0200
Superseded in bionic-proposed
ruby2.3 (2.3.3-1+deb9u1) stretch-security; urgency=high

  * Fix arbitrary heap exposure problem in the JSON library (Closes: #873906)
    [CVE-2017-14064]
    - Backported for Ruby 2.3 by Hiroshi SHIBATA <email address hidden>
      https://bugs.ruby-lang.org/issues/13853
  * Fix multiple security vulnerabilities in Rubygems (Closes: #873802)
    - Fix a DNS request hijacking vulnerability. Discovered by Jonathan
      Claudius, fix by Samuel Giddins.
      [CVE-2017-0902]
    - Fix an ANSI escape sequence vulnerability. Discovered by Yusuke Endoh,
      fix by Evan Phoenix.
      [CVE-2017-0899]
    - Fix a DOS vulnerability in the query command. Discovered by Yusuke
      Endoh, fix by Samuel Giddins.
      [CVE-2017-0900]
    - Fix a vulnerability in the gem installer that allowed a malicious gem to
      overwrite arbitrary files. Discovered by Yusuke Endoh, fix by Samuel
      Giddins.
      [CVE-2017-0901]
  * Fix SMTP comment injection (Closes: #864860)
    Patch by Shugo Maeda <email address hidden>
    [CVE-2015-9096]
  * Fix IV Reuse in GCM Mode (Closes: #842432)
    Patch by Kazuki Yamaguchi <email address hidden>
    [CVE-2016-7798]

 -- Antonio Terceiro <email address hidden>  Sat, 02 Sep 2017 15:11:07 -0300
Superseded in xenial-updates
Superseded in xenial-security
ruby2.3 (2.3.1-2~16.04.2) xenial-security; urgency=medium

  * SECURITY UPDATE: SMTP command injection
    - debian/patches/CVE-2015-9096.patch: don't allow bare CR or LF in
      lib/net/smtp.rb, added test to test/net/smtp/test_smtp.rb.
    - CVE-2015-9096
  * SECURITY UPDATE: use of same initialization vector (IV)
    - debian/patches/CVE-2016-7798.patch: don't set dummy key in
      ext/openssl/ossl_cipher.c, added test to test/openssl/test_cipher.rb.
    - CVE-2016-7798
  * debian/rules: enable full test suite
  * debian/control: added netbase to Build-Depends
  * debian/patches/fix_tests.patch: fix tests that do not work correctly.

 -- Marc Deslauriers <email address hidden>  Tue, 20 Jun 2017 11:05:02 -0400
Superseded in bionic-release
Obsolete in artful-release
Deleted in artful-proposed (Reason: moved to release)
ruby2.3 (2.3.3-1ubuntu1) artful; urgency=medium

  * SECURITY UPDATE: SMTP command injection
    - debian/patches/CVE-2015-9096.patch: don't allow bare CR or LF in
      lib/net/smtp.rb, added test to test/net/smtp/test_smtp.rb.
    - CVE-2015-9096
  * SECURITY UPDATE: use of same initialization vector (IV)
    - debian/patches/CVE-2016-7798.patch: don't set dummy key in
      ext/openssl/ossl_cipher.c, added test to test/openssl/test_cipher.rb.
    - CVE-2016-7798

 -- Marc Deslauriers <email address hidden>  Fri, 16 Jun 2017 10:27:43 -0400
Superseded in zesty-updates
Superseded in zesty-security
ruby2.3 (2.3.3-1ubuntu0.1) zesty-security; urgency=medium

  * SECURITY UPDATE: SMTP command injection
    - debian/patches/CVE-2015-9096.patch: don't allow bare CR or LF in
      lib/net/smtp.rb, added test to test/net/smtp/test_smtp.rb.
    - CVE-2015-9096
  * SECURITY UPDATE: use of same initialization vector (IV)
    - debian/patches/CVE-2016-7798.patch: don't set dummy key in
      ext/openssl/ossl_cipher.c, added test to test/openssl/test_cipher.rb.
    - CVE-2016-7798

 -- Marc Deslauriers <email address hidden>  Fri, 16 Jun 2017 11:23:32 -0400
Superseded in artful-release
Obsolete in zesty-release
Deleted in zesty-proposed (Reason: moved to release)
ruby2.3 (2.3.3-1) unstable; urgency=medium

  * New upstream version.

 -- Christian Hofstaedtler <email address hidden>  Tue, 22 Nov 2016 12:32:41 +0000
Superseded in zesty-proposed
ruby2.3 (2.3.2-1) unstable; urgency=medium

  * New upstream version.

 -- Christian Hofstaedtler <email address hidden>  Wed, 16 Nov 2016 01:31:08 +0000
Superseded in zesty-proposed
ruby2.3 (2.3.1-6) unstable; urgency=medium

  * debian/rules: honor 'nocheck' flag in DEB_BUILD_OPTIONS (Closes: #842768).
    Thanks to John Paul Adrian Glaubitz for the patch.
  * Build-Depends on libssl1.0-dev. Ruby 2.3 is not likely to get OpenSSL 1.1
    compatibility (see #828535)

 -- Antonio Terceiro <email address hidden>  Wed, 09 Nov 2016 14:38:59 -0200
Superseded in zesty-release
Obsolete in yakkety-release
Deleted in yakkety-proposed (Reason: moved to release)
ruby2.3 (2.3.1-5build2) yakkety; urgency=medium

  * No-change rebuild for readline soname change.

 -- Matthias Klose <email address hidden>  Sun, 18 Sep 2016 10:16:17 +0000
Superseded in yakkety-proposed
ruby2.3 (2.3.1-5build1) yakkety; urgency=medium

  * No-change rebuild for readline soname change.

 -- Matthias Klose <email address hidden>  Sat, 17 Sep 2016 12:09:12 +0000
Superseded in yakkety-release
Deleted in yakkety-proposed (Reason: moved to release)
ruby2.3 (2.3.1-5) unstable; urgency=medium

  * Increase timeout for test_array.rb test_permutation_stack_error,
    as Array#permutation is very slow on armel, mips, mipsel.
    Forwarded to upstream as issue #12502.
  * Disable test_process.rb test_aspawn_too_long_path, as it uses ~2GB
    of RAM and a lot of CPU time before finally failing on mips, mipsel.
    Forwarded to upstream as issue #12500.
  * Increase timeout for test_gc.rb test_gc_parameter, for mips, mipsel.

 -- Christian Hofstaedtler <email address hidden>  Fri, 17 Jun 2016 23:30:49 +0000
Superseded in yakkety-proposed
ruby2.3 (2.3.1-4) unstable; urgency=medium

  * Backport some test changes from Ruby trunk, to fix (some) build
    failures on archs other than amd64, i386, ppc64el, s390x.

 -- Christian Hofstaedtler <email address hidden>  Wed, 15 Jun 2016 07:32:02 +0000
Superseded in xenial-updates
Deleted in xenial-proposed (Reason: moved to -updates)
ruby2.3 (2.3.1-2~16.04) xenial-proposed; urgency=medium

  * SRU: LP: #1589271, backport 2.3.1 to 16.04 LTS.
  * Fixes tests on s390x. LP: #1556783.

Superseded in yakkety-proposed
ruby2.3 (2.3.1-3) unstable; urgency=medium

  * Replace libruby2.3-dbg with automatic dbgsym packages.
  * Avoid unreproducible rbconfig.rb (always use bash to build).
  * rdoc: sort input filenames in a consistent way (for reproducible).
  * Run full testsuite during build (make check instead of make test).

 -- Christian Hofstaedtler <email address hidden>  Tue, 14 Jun 2016 20:47:45 +0000
Superseded in yakkety-release
Deleted in yakkety-proposed (Reason: moved to release)
ruby2.3 (2.3.1-2) unstable; urgency=medium

  [ Antonio Terceiro ]
  * debian/tests/known-failures.txt: remove test that now passes
    (test/rinda/test_rinda.rb)
  * debian/rules: enable bindnow hardening option (Closes: #822288)
  * debian/copyright: update and simplify copyright annotations for Unicode
    files under enc/trans/JIS/
  * Bump Standards-Version to 3.9.8 (no changes needed)

  [ Christian Hofstaedtler ]
  * Stop providing ruby-interpreter. Only packages providing
    /usr/bin/ruby can be a credible provider of ruby-interpreter.
    (Closes: #822072)
  * Raise priority to "optional", now that ruby2.2 is gone, although
    the value of this change is unclear. (Closes: #822911)
  * Apply patch from Reiner Herrmann <email address hidden> to help with
    reproducibility of mkmf.rb using packages. (Closes: #825569)

 -- Christian Hofstaedtler <email address hidden>  Mon, 30 May 2016 12:14:46 +0000
Superseded in yakkety-release
Deleted in yakkety-proposed (Reason: moved to release)
ruby2.3 (2.3.1-1) unstable; urgency=medium

  * Call make install-doc, install-nodoc with V=1, for diagnosing
    build failures.
  * New upstream TEENY version.

 -- Christian Hofstaedtler <email address hidden>  Wed, 27 Apr 2016 07:40:42 +0000
Superseded in yakkety-release
Published in xenial-release
Deleted in xenial-proposed (Reason: moved to release)
ruby2.3 (2.3.0-5ubuntu1) xenial; urgency=medium

  * Merge with Debian; remaining changes:
    - Don't run tests on s390x, hanging on the buildds.

Superseded in xenial-proposed
ruby2.3 (2.3.0-5) unstable; urgency=medium

  * Set gzip embedded mtime field to fixed value for rdoc-generated
    compressed javascript data. Helps with reproducibility of rdoc-using
    packages.
  * Build tcltk extension for Tcl/Tk 8.6.
  * Apply patch from upstream to fix crash in Proc binding.
    (ruby-core: 74100, trunk r54128, bug #12137). (Closes: #816161)

 -- Christian Hofstaedtler <email address hidden>  Wed, 16 Mar 2016 23:36:12 +0000
Superseded in xenial-release
Deleted in xenial-proposed (Reason: moved to release)
ruby2.3 (2.3.0-4ubuntu3) xenial; urgency=medium

  * Build using Tcl/Tk 8.6.

 -- Matthias Klose <email address hidden>  Mon, 14 Mar 2016 11:25:22 +0100
Superseded in xenial-release
Deleted in xenial-proposed (Reason: moved to release)
ruby2.3 (2.3.0-4ubuntu2) xenial; urgency=medium

  * Don't run tests on s390x, hanging on the buildds.
  * Ignore test results on i386.

 -- Matthias Klose <email address hidden>  Mon, 14 Mar 2016 09:02:50 +0100
Superseded in xenial-proposed
ruby2.3 (2.3.0-4ubuntu1) xenial; urgency=medium

  * Ignore test results on s390x.

 -- Matthias Klose <email address hidden>  Mon, 14 Mar 2016 09:02:50 +0100
Superseded in xenial-proposed
Superseded in xenial-proposed
ruby2.3 (2.3.0-4) unstable; urgency=medium

  * Apply patch from upstream to fix deserializing OpenStruct via Psych,
    (ruby-core: 72501, trunk r53366). (Closes: #816358)

 -- Christian Hofstaedtler <email address hidden>  Tue, 01 Mar 2016 22:41:19 +0100
Superseded in xenial-release
Superseded in xenial-release
Deleted in xenial-proposed (Reason: moved to release)
ruby2.3 (2.3.0-2) unstable; urgency=medium

  * debian/libruby2.3.symbols: update with new symbols introduced right before
    the final 2.3.0 release.
  * libruby2.3: add dependencies on rake, ruby-did-you-mean and
    ruby-net-telnet

 -- Antonio Terceiro <email address hidden>  Sat, 30 Jan 2016 09:20:31 -0200
Superseded in xenial-release
Deleted in xenial-proposed (Reason: moved to release)
ruby2.3 (2.3.0-1) unstable; urgency=medium

  [ Antonio Terceiro ]
  * Ruby 2.3
  * debian/tests/bundled-gems: check if all libraries that are supposed to be
    bundled are present, with a version greater than or equal to the one
    specified in gems/bundled_gems
  * debian/tests/run-all: filter failures against list of known failures. Pass
    if only the tests listed in debian/tests/known-failures.txt fail, fail
    otherwise. This will help catch regressions.
  * debian/copyright: update wrt new files in the distribution

  [ Christian Hofstaedtler ]
  * autopkgtest: depend on all packages so we actually have header files
    installed.

 -- Antonio Terceiro <email address hidden>  Mon, 28 Dec 2015 09:17:47 -0300