-
ruby2.3 (2.3.3-1ubuntu0.3) zesty-security; urgency=medium
* SECURITY UPDATE: command injection through Net::FTP
- debian/patches/CVE-2017-17405.patch: fix command injection
in lib/net/ftp.rb, test/net/ftp/test_ftp.rb.
- CVE-2017-17405
* Exclude some tests that fails in launchpad:
- debian/patches/0090-Exclude-tests-that-fail-on-Ubuntu-builds.patch
-- <email address hidden> (Leonidas S. Barbosa) Mon, 18 Dec 2017 16:30:21 -0300
-
ruby2.3 (2.3.3-1ubuntu0.1) zesty-security; urgency=medium
* SECURITY UPDATE: SMTP command injection
- debian/patches/CVE-2015-9096.patch: don't allow bare CR or LF in
lib/net/smtp.rb, added test to test/net/smtp/test_smtp.rb.
- CVE-2015-9096
* SECURITY UPDATE: use of same initialization vector (IV)
- debian/patches/CVE-2016-7798.patch: don't set dummy key in
ext/openssl/ossl_cipher.c, added test to test/openssl/test_cipher.rb.
- CVE-2016-7798
-- Marc Deslauriers <email address hidden> Fri, 16 Jun 2017 11:23:32 -0400
-
ruby2.3 (2.3.3-1) unstable; urgency=medium
* New upstream version.
-- Christian Hofstaedtler <email address hidden> Tue, 22 Nov 2016 12:32:41 +0000
-
ruby2.3 (2.3.2-1) unstable; urgency=medium
* New upstream version.
-- Christian Hofstaedtler <email address hidden> Wed, 16 Nov 2016 01:31:08 +0000
-
ruby2.3 (2.3.1-6) unstable; urgency=medium
* debian/rules: honor 'nocheck' flag in DEB_BUILD_OPTIONS (Closes: #842768).
Thanks to John Paul Adrian Glaubitz for the patch.
* Build-Depends on libssl1.0-dev. Ruby 2.3 is not likely to get OpenSSL 1.1
compatibility (see #828535)
-- Antonio Terceiro <email address hidden> Wed, 09 Nov 2016 14:38:59 -0200
-
ruby2.3 (2.3.1-5build2) yakkety; urgency=medium
* No-change rebuild for readline soname change.
-- Matthias Klose <email address hidden> Sun, 18 Sep 2016 10:16:17 +0000
