FEDORA-2018-dd8162c004

security update in Fedora 28 for ruby

Status: stable 6 months ago
  • Rebase to Ruby 2.5.1.
  • Several CVE fixes.
  • Conflict requirement needs to generate dependency.
  • Stop using --with-setjmp-type=setjmp on aarch64.

Comments 8

This update has been submitted for testing by vondruch.

This update has been pushed to testing.

looks good

karma: +1

This update has been submitted for batched by bodhi.

This update has been submitted for stable by bodhi.

This update has been pushed to stable.



Content Type: RPM
Status: stable
Test Gating
Submitted by
Update Type: security
Update Severity: unspecified
Karma: +3
stable threshold: 3
unstable threshold: -3
Autopush: Enabled
Dates
submitted 6 months ago
in testing 6 months ago
in stable 6 months ago

Related Bugs 10

#1545239 miniruby crashing when compiled with -O2 or -O1 on aarch64
#1561487 Requires generator does not handle correctly dependencies such as "cookiejar != 0.3.1"
#1561817 ruby-2.5.1 is available
#1561947 CVE-2018-6914 ruby: Unintentional file and directory creation with directory traversal in tempfile and tmpdir
#1561948 CVE-2018-8779 ruby: Unintentional socket creation by poisoned NULL byte in UNIXServer and UNIXSocket
#1561949 CVE-2018-8780 ruby: Unintentional directory traversal by poisoned NULL byte in Dir
#1561950 CVE-2018-8777 ruby: DoS by large request in WEBrick
#1561952 CVE-2017-17742 ruby: HTTP response splitting in WEBrick
#1561953 CVE-2018-8778 ruby: Buffer under-read in String#unpack
#1561957 CVE-2017-17742 CVE-2018-6914 CVE-2018-8777 CVE-2018-8778 CVE-2018-8779 CVE-2018-8780 ruby: various flaws [fedora-all]
