projects / ruby2.3.git / log
? search:
summary | shortlog | log | commit | commitdiff | tree
first ⋅ prev ⋅ next
ruby2.3.git
7 years agodebian-changes
commit | commitdiff | tree
Antonio Terceiro [Thu, 19 Jul 2018 11:28:10 +0000 (12:28 +0100)]
debian-changes

This patch file represents the entire difference between the package as shipped
by Debian and the official upstream sources. The goal is to maintain this file
as small as possible, avoiding non-upstreamed patches at all costs.

The Debian packaging is maintained in the following Git repository:

  http://anonscm.debian.org/gitweb/?p=collab-maint/ruby.git

To obtain a view of the individual commits that affect non-Debian-specific
files, you can clone that repository, and from the master branch, run:

  $ ./debian/upstream-changes

Gbp-Pq: Name debian-changes

7 years agoruby2.3 (2.3.3-1+deb9u3) stretch-security; urgency=medium
commit | commitdiff | tree
Santiago R.R. [Thu, 19 Jul 2018 11:28:10 +0000 (12:28 +0100)]
ruby2.3 (2.3.3-1+deb9u3) stretch-security; urgency=medium

  [ Santiago R.R. ]
  * Fix Command injection vulnerability in Net::FTP.
    [CVE-2017-17405]
  * webrick: use IO.copy_stream for multipart response. Required changes in
    WEBrick to fix CVE-2017-17742 and CVE-2018-8777
  * Fix HTTP response splitting in WEBrick.
    [CVE-2017-17742]
  * Fix Command Injection in Hosts::new() by use of Kernel#open.
    [CVE-2017-17790]
  * Fix Unintentional directory traversal by poisoned NUL byte in Dir
    [CVE-2018-8780]
  * Fix multiple vulnerabilities in RubyGems.
    CVE-2018-1000073: Prevent Path Traversal issue during gem installation.
    CVE-2018-1000074: Fix possible Unsafe Object Deserialization
    Vulnerability in gem owner.
    CVE-2018-1000075: Strictly interpret octal fields in tar headers.
    CVE-2018-1000076: Raise a security error when there are duplicate files
    in a package.
    CVE-2018-1000077: Enforce URL validation on spec homepage attribute.
    CVE-2018-1000078: Mitigate XSS vulnerability in homepage attribute when
    displayed via gem server.
    CVE-2018-1000079: Prevent path traversal when writing to a symlinked
    basedir outside of the root.
  * Fix directory traversal vulnerability in the Dir.mktmpdir method in the
    tmpdir library
    [CVE-2018-6914]
  * Fix Unintentional socket creation by poisoned NUL byte in UNIXServer and
    UNIXSocket
    [CVE-2018-8779]
  * Fix Buffer under-read in String#unpack
    [CVE-2018-8778]
  * Fix tests to cope with updates in tzdata (Closes: #889117)
  * Exclude Rinda TestRingFinger and TestRingServer test units requiring
    network access (Closes: #898694)

  [ Antonio Terceiro ]
  * debian/tests/excludes/any/TestTimeTZ.rb: ignore tests failing due to
    assumptions that don't hold on newer tzdata update. Upstream bug:
    https://bugs.ruby-lang.org/issues/14655

[dgit import unpatched ruby2.3 2.3.3-1+deb9u3]

7 years agoImport ruby2.3_2.3.3-1+deb9u3.debian.tar.xz
commit | commitdiff | tree
Santiago R.R. [Thu, 19 Jul 2018 11:28:10 +0000 (12:28 +0100)]
Import ruby2.3_2.3.3-1+deb9u3.debian.tar.xz

[dgit import tarball ruby2.3 2.3.3-1+deb9u3 ruby2.3_2.3.3-1+deb9u3.debian.tar.xz]

9 years agoImport ruby2.3_2.3.3.orig.tar.xz
commit | commitdiff | tree
Christian Hofstaedtler [Tue, 22 Nov 2016 12:32:41 +0000 (12:32 +0000)]
Import ruby2.3_2.3.3.orig.tar.xz

[dgit import orig ruby2.3_2.3.3.orig.tar.xz]

Unnamed repository; edit this file 'description' to name the repository.