-
Mon Mar 12 2018 Pavel Valena <pvalena@redhat.com> - 2.2.9-19
- Command injection in lib/resolv.rb:lazy_initialize() allows arbitrary code
execution(CVE-2017-17790).
* ruby-2.5.0-Fixed-command-Injection.patch
Related: rhbz#1549646
-
Thu Jan 18 2018 Pavel Valena <pvalena@redhat.com> - 2.2.9-18
- Upgrade to Ruby 2.2.9.
Resolves: rhbz#1549646
Resolves: CVE-2017-17405
* Remove Patch7: rubygems-2.2.4-Limit-API-endpoint-to-original-security
-domain.patch
subsumed
* Remove Patch8: rubygems-2.2.5-Fix-API-endpoint-domain-clamping.patch
subsumed
* Remove Patch9: ruby-2.2.3-dsym_fstrs-for-object-allocation-gc-phase.patch
subsumed
* Remove Patch10: ruby-2.3.0-test_gem_remote_fetcher.rb-get-rid-of-errors.patch
subsumed
* Remove Patch11: ruby-2.2.3-vm_args.c-protect-value-stack-from-calling-other
-met.patch
subsumed
-
Mon Oct 31 2016 Vít Ondruch <vondruch@redhat.com> - 2.2.2-16
- Fix named argument assignment from hash failure.
Resolves: rhbz#1390501
-
Wed Jun 22 2016 Jun Aruga <jaruga@redhat.com> - 2.2.2-15
- Fix for "dh key too small" error of OpenSSL 1.0.2+.
Resolves: rhbz#1348918
-
Tue Jun 14 2016 Jun Aruga <jaruga@redhat.com> - 2.2.2-13
- Fix the bug for object allocation during gc phase.
Resolves: rhbz#1317076
-
Mon Aug 10 2015 Vít Ondruch <vondruch@redhat.com> - 2.2.2-12
- Fix DNS hijacking vulnerability in api_endpoint() (CVE-2015-3900,
CVE-2015-4020).
Resolves: rhbz#1251466
-
Tue Apr 28 2015 Josef Stribny <jstribny@redhat.com> - 2.2.2-11
- Update to Ruby 2.2.2
- Resolves: rhbz#1215958
-
Fri Mar 20 2015 Vít Ondruch <vondruch@redhat.com> - 2.2.1-10
- Fix libruby.so versions in SystemTap scripts (rhbz#1202232).
-
Wed Mar 04 2015 Vít Ondruch <vondruch@redhat.com> - 2.2.1-9
- Update to Ruby 2.2.1.
-
Thu Feb 05 2015 Vít Ondruch <vondruch@redhat.com> - 2.2.0-7
- Fix directory ownership.