Change logs for ruby2.7 source package in Impish

  • ruby2.7 (2.7.4-1ubuntu3.2) impish-security; urgency=medium
    
      * SECURITY UPDATE: Buffer over-read
        - debian/patches/CVE-2022-28739.patch: fix dtoa buffer
          overrun in missing/dtoa.c, test/ruby/test_float.rb.
        - CVE-2022-28739
    
     -- Leonidas Da Silva Barbosa <email address hidden>  Tue, 24 May 2022 07:47:45 -0300
  • ruby2.7 (2.7.4-1ubuntu3.1) impish-security; urgency=medium
    
      * SECURITY UPDATE: Buffer overrun
        - debian/patches/CVE-2021-41816.patch: fix integer overflow making
          sure use of the check in rb_alloc_tmp_buffer2 in
          ext/cgi/escape/escape.c.
        - CVE-2021-41816
      * SECURITY UPDATE: ReDoS vulnerability
        - debian/patches/CVE-2021-41817-*.patch: add length limit option
          for methods that parse date strings and mimic prev behaviour
          in ext/date/date_core.c, test/date/test_date_parse.rb.
        - CVE-2021-41817
      * SECURITY UPDATE: Mishandles sec prefixes in cookie names
        - debian/patches/CVE-2021-41819.patch: when parsing cookies, only
          decode the values in lib/cgi/cookie.rb, test/cgi/test_cgi_cookie.rb.
        - CVE-2021-41819
    
     -- Leonidas Da Silva Barbosa <email address hidden>  Thu, 06 Jan 2022 10:18:08 -0300
  • ruby2.7 (2.7.4-1ubuntu3) impish; urgency=medium
    
      * Build using GCC 10 on ppc64el. See LP #1943823.
    
     -- Matthias Klose <email address hidden>  Thu, 16 Sep 2021 12:47:13 +0200
  • ruby2.7 (2.7.4-1ubuntu2) impish; urgency=medium
    
      * No-change rebuild for libffi soname change.
    
     -- Matthias Klose <email address hidden>  Fri, 10 Sep 2021 16:59:58 +0200
  • ruby2.7 (2.7.4-1ubuntu1) impish; urgency=medium
    
      * Merge with Debian unstable. Remaining changes:
        - LTO appears to cause some issue to SEGV handler. Disable
          it for now. See https://bugs.ruby-lang.org/issues/17052.
    
    ruby2.7 (2.7.4-1) unstable; urgency=medium
    
      * New upstream version 2.7.4.
        (Fixes: CVE-2021-31799 CVE-2021-31810 CVE-2021-32066)
        (Closes: #990815)
    
     -- Utkarsh Gupta <email address hidden>  Fri, 09 Jul 2021 17:50:12 +0530
  • ruby2.7 (2.7.3-2ubuntu1) impish; urgency=medium
    
      * Merge with Debian unstable. Remaining changes:
        - LTO appears to cause some issue to SEGV handler. Disable
          it for now. See https://bugs.ruby-lang.org/issues/17052.
      * Dropped changes:
        - debian/patches/CVE-2021-28965.patch: backport fixes from REXML.
          [Included in 2.7.3-1]
    
     -- Utkarsh Gupta <email address hidden>  Wed, 05 May 2021 18:26:16 +0530
  • ruby2.7 (2.7.2-4ubuntu1.1) hirsute-security; urgency=medium
    
      * SECURITY UPDATE: XML round-trip vulnerability in REXML
        - debian/patches/CVE-2021-28965.patch: backport fixes from REXML
          3.2.3.1.
        - CVE-2021-28965
    
     -- Marc Deslauriers <email address hidden>  Thu, 22 Apr 2021 14:27:19 -0400
  • ruby2.7 (2.7.2-4ubuntu1) hirsute; urgency=medium
    
      * LTO appears to cause some issue to SEGV handler. Disable it for now.
        See https://bugs.ruby-lang.org/issues/17052
    
     -- Matthias Klose <email address hidden>  Tue, 23 Mar 2021 13:50:56 +0100