FEDORA-2018-dd8162c004

security update in Fedora 28 for ruby

Status: stable 3 months ago
  • Rebase to Ruby 2.5.1.
  • Several CVE fixes.
  • Conflict requirement needs to generate dependency.
  • Stop using --with-setjmp-type=setjmp on aarch64.

Comments 8

This update has been submitted for testing by vondruch.

This update has been pushed to testing.

looks good

karma: +1

This update has been submitted for batched by bodhi.

This update has been submitted for stable by bodhi.

This update has been pushed to stable.


Content Type: RPM
Status: stable
Test Gating Status: Tests Passed
Submitted by:
Update Type: security
Karma: +3
  • stable threshold: 3
  • unstable threshold: -3
Autopush: Enabled
Dates:
  • submitted 3 months ago
  • in testing 3 months ago
  • in stable 3 months ago

Related Bugs 10

  • #1545239 miniruby crashing when compiled with -O2 or -O1 on aarch64
  • #1561947 CVE-2018-6914 ruby: Unintentional file and directory creation with directory traversal in tempfile and tmpdir
  • #1561948 CVE-2018-8779 ruby: Unintentional socket creation by poisoned NULL byte in UNIXServer and UNIXSocket
  • #1561949 CVE-2018-8780 ruby: Unintentional directory traversal by poisoned NULL byte in Dir
  • #1561950 CVE-2018-8777 ruby: DoS by large request in WEBrick
  • #1561952 CVE-2017-17742 ruby: HTTP response splitting in WEBrick
  • #1561953 CVE-2018-8778 ruby: Buffer under-read in String#unpack
  • #1561957 CVE-2017-17742 CVE-2018-6914 CVE-2018-8777 CVE-2018-8778 CVE-2018-8779 CVE-2018-8780 ruby: various flaws [fedora-all]
  • #1561487 Requires generator does not handle correctly dependencies such as "cookiejar != 0.3.1"
  • #1561817 ruby-2.5.1 is available
