[ol8_appstream] ruby-doc-2.5.9-112.module+el8.10.0+90367+ae9e8511.noarch

Name:	ruby-doc
Version:	2.5.9
Release:	112.module+el8.10.0+90367+ae9e8511
Architecture:	noarch
Module:	ruby:2.5:8100020240627152904:489197e6
Group:	Documentation
Size:	17415808
License:	(Ruby or BSD) and Public Domain and MIT and CC0 and zlib and UCD
RPM:	ruby-doc-2.5.9-112.module+el8.10.0+90367+ae9e8511.noarch.rpm
Source RPM:	ruby-2.5.9-112.module+el8.10.0+90367+ae9e8511.src.rpm
Build Date:	Mon Jul 15 2024
Build Host:	build-ol8-x86_64.oracle.com
Vendor:	Oracle America
URL:	http://ruby-lang.org/
Summary:	Documentation for ruby
Description:	This package contains documentation for ruby.

Changelog (Show File list) (Show related packages)

Tue May 21 2024 Jarek Prokop <jprokop@redhat.com> - 2.5.9-112

- Fix ReDoS vulnerability - upstream's incomplete fix for CVE-2023-28755.
  (CVE-2023-36617)
  Resolves: RHEL-5614
- Fix Buffer overread vulnerability in StringIO.
  (CVE-2024-27280)
  Resolves: RHEL-34125
- Fix RCE vulnerability with .rdoc_options in RDoc.
  (CVE-2024-27281)
  Resolves: RHEL-34117
- Fix Arbitrary memory address read vulnerability with Regex search.
  (CVE-2024-27282)
  Resolves: RHEL-33867
- Fix REXML DoS parsing an XML with many `<`s in an attribute value.
  (CVE-2024-35176)
  Resolves: RHEL-37877

Mon Jun 12 2023 Jarek Prokop <jprokop@redhat.com> - 2.5.9-111

- Fix HTTP response splitting in CGI.
  Resolves: CVE-2021-33621
- Fix Buffer overrun in String-to-Float conversion.
  Resolves: CVE-2022-28739
- Fix ReDoS vulnerability in URI.
  Resolves: CVE-2023-28755
- Fix ReDoS vulnerability in Time.
  Resolves: CVE-2023-28756

Thu May 25 2023 Todd Zullinger <tmz@pobox.com> - 2.5.9-111

- Fix rdoc parsing of nil text tokens.
  Resolves: rhbz#2210326

Fri Jul 08 2022 Jun Aruga <jaruga@redhat.com> - 2.5.9-110

- Fix FTBFS due to an incompatible load directive.
- Fix a fiddle import test on an optimized glibc on Power 9.
- Fix by adding length limit option for methods that parses date strings.
  Resolves: CVE-2021-41817
- CGI::Cookie.parse no longer decodes cookie names to prevent spoofing security
  prefixes in cookie names.
  Resolves: CVE-2021-41819

Wed Feb 16 2022 Jarek Prokop <jprokop@redhat.com> - 2.5.9-109

- Properly fix command injection vulnerability in Rdoc.
  Related: CVE-2021-31799

Wed Feb 09 2022 Jarek Prokop <jprokop@redhat.com> - 2.5.9-108

- Fix command injection vulnerability in RDoc.
  Resolves: CVE-2021-31799
- Fix StartTLS stripping vulnerability in Net::IMAP
  Resolves: CVE-2021-32066
- Fix FTP PASV command response can cause Net::FTP to connect to arbitrary host.
  Resolves: CVE-2021-31810

Mon Apr 19 2021 Pavel Valena <pvalena@redhat.com> - 2.5.9-107

- Update to Ruby 2.5.9.
  * Remove Patch20: ruby-2.6.0-rdoc-6.0.1-fix-template-typo.patch; subsumed
  Resolves: rhbz#1757844
- Resolv::DNS: timeouts if multiple IPv6 name servers are given and address
  contains leading zero
  Resolves: rhbz#1950308

Mon Jun 22 2020 Pavel Valena <pvalena@redhat.com> - 2.5.5-106

- Remove file with non-commercial license from did_you_mean gem.
  Resolves: rhbz#1846113

Thu Jul 04 2019 Jun Aruga <jaruga@redhat.com> - 2.5.5-105

- Use ffi_closure_alloc to avoid segmentation fault by libffi on aarch64.
  Resolves: rhbz#1727832
- Properly support %prerelease in %gemspec_ macros.
  Related: rhbz#1688758
- Fix rdoc gzipped javascript pages are not the same across multilib.
  Resolves: rhbz#1719647

Wed Apr 17 2019 Vít Ondruch <vondruch@redhat.com> - 2.5.5-104

- Update to Ruby 2.5.5.
  * Remove Patch25: ruby-2.6.0-Update-for-tzdata-2018f.patch; subsumed
  * Remove Patch11: ruby-2.6.0-Try-to-update-cert.patch; subsumed
  * Remove Patch19: ruby-2.6.0-net-http-net-ftp-fix-session-resumption-with
      -TLS-1.3.patch; subsumed
  Resolves: rhbz#1688758
- Don't ship .stp files when SystemTap support is disabled.
  Related: rhbz#1657915
- Fix CovScan issues.
  Resolves: rhbz#1628592