FEDORA-2018-dd8162c004

security update in Fedora 28 for ruby

Status: stable 8 days ago
  • Rebase to Ruby 2.5.1.
  • Several CVE fixes.
  • Conflict requirement needs to generate dependency.
  • Stop using --with-setjmp-type=setjmp on aarch64.

Comments 8

This update has been submitted for testing by vondruch.

This update has been pushed to testing.

looks good

karma: +1

Works

karma: +1

This update has been submitted for batched by bodhi.

This update has been submitted for stable by bodhi.

This update has been pushed to stable.


Add Comment & Feedback
Toggle Preview

Comment fields support Fedora-Flavored Markdown.

-1 0 +1 Feedback Guidelines
#1545239 miniruby crashing when compiled with -O2 or -O1 on aarch64
#1561947 CVE-2018-6914 ruby: Unintentional file and directory creation with directory traversal in tempfile and tmpdir
#1561948 CVE-2018-8779 ruby: Unintentional socket creation by poisoned NULL byte in UNIXServer and UNIXSocket
#1561949 CVE-2018-8780 ruby: Unintentional directory traversal by poisoned NULL byte in Dir
#1561950 CVE-2018-8777 ruby: DoS by large request in WEBrick
#1561952 CVE-2017-17742 ruby: HTTP response splitting in WEBrick
#1561953 CVE-2018-8778 ruby: Buffer under-read in String#unpack
#1561957 CVE-2017-17742 CVE-2018-6914 CVE-2018-8777 CVE-2018-8778 CVE-2018-8779 CVE-2018-8780 ruby: various flaws [fedora-all]
#1561487 Requires generator does not handle correctly dependencies such as "cookiejar != 0.3.1"
#1561817 ruby-2.5.1 is available
Is the update generally functional?
Content Type
RPM
Status
stable
Test Gating Status
Tests Passed
Submitted by
Update Type
security
Karma
+3
stable threshold: 3
unstable threshold: -3
Autopush
Enabled
Dates
submitted 12 days ago
in testing 11 days ago
in stable 8 days ago

Related Bugs 10

00 #1545239 miniruby crashing when compiled with -O2 or -O1 on aarch64
00 #1561947 CVE-2018-6914 ruby: Unintentional file and directory creation with directory traversal in tempfile and tmpdir
00 #1561948 CVE-2018-8779 ruby: Unintentional socket creation by poisoned NULL byte in UNIXServer and UNIXSocket
00 #1561949 CVE-2018-8780 ruby: Unintentional directory traversal by poisoned NULL byte in Dir
00 #1561950 CVE-2018-8777 ruby: DoS by large request in WEBrick
00 #1561952 CVE-2017-17742 ruby: HTTP response splitting in WEBrick
00 #1561953 CVE-2018-8778 ruby: Buffer under-read in String#unpack
00 #1561957 CVE-2017-17742 CVE-2018-6914 CVE-2018-8777 CVE-2018-8778 CVE-2018-8779 CVE-2018-8780 ruby: various flaws [fedora-all]
00 #1561487 Requires generator does not handle correctly dependencies such as "cookiejar != 0.3.1"
00 #1561817 ruby-2.5.1 is available

Automated Test Results