[ubuntu/bionic-proposed] ruby2.5 2.5.1-1ubuntu1 (Accepted)
Matthias Klose
doko at ubuntu.com
Mon Apr 2 20:27:13 UTC 2018
ruby2.5 (2.5.1-1ubuntu1) bionic; urgency=medium

  * Merge with Debian; remaining changes:
    - Mark some tests as failing on Launchpad.
    - Update symbols file.

ruby2.5 (2.5.1-1) unstable; urgency=medium

  * New upstream version 2.5.1.

    According to the release announcement, includes fixes for the following
    security issues:

    - CVE-2017-17742: HTTP response splitting in WEBrick
    - CVE-2018-6914: Unintentional file and directory creation with directory
      traversal in tempfile and tmpdir
    - CVE-2018-8777: DoS by large request in WEBrick
    - CVE-2018-8778: Buffer under-read in String#unpack
    - CVE-2018-8779: Unintentional socket creation by poisoned NUL byte in
      UNIXServer and UNIXSocket
    - CVE-2018-8780: Unintentional directory traversal by poisoned NUL byte in
      Dir
    - Multiple vulnerabilities in RubyGems
  * Refresh patches.

    Patches dropped for being already applied upstream:

    - 0005-Fix-tests-to-cope-with-updates-in-tzdata.patch
    - 0006-Rubygems-apply-upstream-patch-to-fix-multiple-vulner.patch
  * Add patch to fix FTBFS on ia64 (Closes: #889848)
  * Add simple autopkgtest to check for builtin extensions that are built
    against external dependencies (ssl, yaml, *dbm etc)
  * Add build-dependency on libgdbm-compat-dev (Closes: #892099)
  * debian/tests/excludes/any/TestTimeTZ.rb: ignore tests failing due to
    assumptions that don't hold on newer tzdata update. Upstream bug:
    https://bugs.ruby-lang.org/issues/14655
  * debian/libruby2.5.symbols: update with new symbol added in this release

Date: Mon, 02 Apr 2018 22:15:10 +0200
Changed-By: Matthias Klose <doko at ubuntu.com>
Maintainer: Debian Ruby Team <pkg-ruby-extras-maintainers at lists.alioth.debian.org>
https://launchpad.net/ubuntu/+source/ruby2.5/2.5.1-1ubuntu1
-------------- next part --------------
Format: 1.8
Date: Mon, 02 Apr 2018 22:15:10 +0200
Source: ruby2.5
Binary: ruby2.5 libruby2.5 ruby2.5-dev ruby2.5-doc
Architecture: source
Version: 2.5.1-1ubuntu1
Distribution: bionic
Urgency: medium
Maintainer: Debian Ruby Team <pkg-ruby-extras-maintainers at lists.alioth.debian.org>
Changed-By: Matthias Klose <doko at ubuntu.com>
Description:
libruby2.5 - Libraries necessary to run Ruby 2.5
ruby2.5 - Interpreter of object-oriented scripting language Ruby
ruby2.5-dev - Header files for compiling extension modules for the Ruby 2.5
ruby2.5-doc - Documentation for Ruby 2.5
Closes: 889848 892099