[ol8_appstream] rubygem-bigdecimal-1.3.4-112.module+el8.10.0+90367+ae9e8511.x86_64

Ruby provides built-in support for arbitrary precision integer arithmetic.
For example:

42**13 -> 1265437718438866624512

BigDecimal provides similar support for very large or very accurate floating
point numbers. Decimal arithmetic is also useful for general calculation,
because it provides the correct answers people expect–whereas normal binary
floating point arithmetic often introduces subtle errors because of the
conversion between base 10 and base 2.

Changelog (Show File list) (Show related packages)

• Tue May 21 2024 Jarek Prokop <jprokop@redhat.com> - 2.5.9-112

  - Fix ReDoS vulnerability - upstream's incomplete fix for CVE-2023-28755.
    (CVE-2023-36617)
    Resolves: RHEL-5614
  - Fix Buffer overread vulnerability in StringIO.
    (CVE-2024-27280)
    Resolves: RHEL-34125
  - Fix RCE vulnerability with .rdoc_options in RDoc.
    (CVE-2024-27281)
    Resolves: RHEL-34117
  - Fix Arbitrary memory address read vulnerability with Regex search.
    (CVE-2024-27282)
    Resolves: RHEL-33867
  - Fix REXML DoS parsing an XML with many `<`s in an attribute value.
    (CVE-2024-35176)
    Resolves: RHEL-37877

• Mon Jun 12 2023 Jarek Prokop <jprokop@redhat.com> - 2.5.9-111

  - Fix HTTP response splitting in CGI.
    Resolves: CVE-2021-33621
  - Fix Buffer overrun in String-to-Float conversion.
    Resolves: CVE-2022-28739
  - Fix ReDoS vulnerability in URI.
    Resolves: CVE-2023-28755
  - Fix ReDoS vulnerability in Time.
    Resolves: CVE-2023-28756

• Thu May 25 2023 Todd Zullinger <tmz@pobox.com> - 2.5.9-111

  - Fix rdoc parsing of nil text tokens.
    Resolves: rhbz#2210326

• Fri Jul 08 2022 Jun Aruga <jaruga@redhat.com> - 2.5.9-110

  - Fix FTBFS due to an incompatible load directive.
  - Fix a fiddle import test on an optimized glibc on Power 9.
  - Fix by adding length limit option for methods that parses date strings.
    Resolves: CVE-2021-41817
  - CGI::Cookie.parse no longer decodes cookie names to prevent spoofing security
    prefixes in cookie names.
    Resolves: CVE-2021-41819

• Wed Feb 16 2022 Jarek Prokop <jprokop@redhat.com> - 2.5.9-109

  - Properly fix command injection vulnerability in Rdoc.
    Related: CVE-2021-31799

• Wed Feb 09 2022 Jarek Prokop <jprokop@redhat.com> - 2.5.9-108

  - Fix command injection vulnerability in RDoc.
    Resolves: CVE-2021-31799
  - Fix StartTLS stripping vulnerability in Net::IMAP
    Resolves: CVE-2021-32066
  - Fix FTP PASV command response can cause Net::FTP to connect to arbitrary host.
    Resolves: CVE-2021-31810

• Mon Apr 19 2021 Pavel Valena <pvalena@redhat.com> - 2.5.9-107

  - Update to Ruby 2.5.9.
    * Remove Patch20: ruby-2.6.0-rdoc-6.0.1-fix-template-typo.patch; subsumed
    Resolves: rhbz#1757844
  - Resolv::DNS: timeouts if multiple IPv6 name servers are given and address
    contains leading zero
    Resolves: rhbz#1950308

• Mon Jun 22 2020 Pavel Valena <pvalena@redhat.com> - 2.5.5-106

  - Remove file with non-commercial license from did_you_mean gem.
    Resolves: rhbz#1846113

• Thu Jul 04 2019 Jun Aruga <jaruga@redhat.com> - 2.5.5-105

  - Use ffi_closure_alloc to avoid segmentation fault by libffi on aarch64.
    Resolves: rhbz#1727832
  - Properly support %prerelease in %gemspec_ macros.
    Related: rhbz#1688758
  - Fix rdoc gzipped javascript pages are not the same across multilib.
    Resolves: rhbz#1719647

• Wed Apr 17 2019 Vít Ondruch <vondruch@redhat.com> - 2.5.5-104

  - Update to Ruby 2.5.5.
    * Remove Patch25: ruby-2.6.0-Update-for-tzdata-2018f.patch; subsumed
    * Remove Patch11: ruby-2.6.0-Try-to-update-cert.patch; subsumed
    * Remove Patch19: ruby-2.6.0-net-http-net-ftp-fix-session-resumption-with
        -TLS-1.3.patch; subsumed
    Resolves: rhbz#1688758
  - Don't ship .stp files when SystemTap support is disabled.
    Related: rhbz#1657915
  - Fix CovScan issues.
    Resolves: rhbz#1628592