Register | Log in

ruby2.5

Choose email to subscribe with

general

source: ruby2.5 (main)
version: 2.5.5-3+deb10u3
maintainer: Debian Ruby Team (archive) (DMD)
uploaders: Antonio Terceiro [DMD] – Chris Hofstaedtler [DMD]
arch: all any
std-ver: 4.1.5
VCS: Git (Browse)

versions [more versions can be listed by madison] [old versions available from snapshot.debian.org]

[pool directory]

oldstable: 2.5.5-3+deb10u3
old-sec: 2.5.5-3+deb10u2

versioned links

2.5.5-3+deb10u2: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
2.5.5-3+deb10u3: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]

binaries

libruby2.5
ruby2.5
ruby2.5-dev
ruby2.5-doc

package is gone

This package is not in any development repository. This probably means that the package has been removed (or has been renamed). Thus the information here is of little interest ... the package is going to disappear unless someone takes it over and reintroduces it.

action needed

Debci reports failed tests high

unstable: fail (log)
The tests ran in 0:06:55
Last run: 2020-04-24T09:06:27.000Z
Previous status: fail

testing: pass (log)
The tests ran in 0:07:02
Last run: 2020-05-01T03:39:44.000Z
Previous status: fail

stable: pass (log)
The tests ran in 0:06:49
Last run: 2019-08-22T06:21:55.000Z
Previous status: fail

Created: 2020-03-27 Last update: 2021-09-23 05:34

4 security issues in buster high

There are 4 open security issues in buster.

3 important issues:

CVE-2021-31799: In RDoc 3.11 through 6.x before 6.3.1, as distributed with Ruby through 3.0.1, it is possible to execute arbitrary code via | and tags in a filename.
CVE-2021-31810: An issue was discovered in Ruby through 2.6.7, 2.7.x through 2.7.3, and 3.x through 3.0.1. A malicious FTP server can use the PASV response to trick Net::FTP into connecting back to a given IP address and port. This potentially makes curl extract information about services that are otherwise private and not disclosed (e.g., the attacker can conduct port scans and service banner extractions).
CVE-2021-32066: An issue was discovered in Ruby through 2.6.7, 2.7.x through 2.7.3, and 3.x through 3.0.1. Net::IMAP does not raise an exception when StartTLS fails with an an unknown response, which might allow man-in-the-middle attackers to bypass the TLS protections by leveraging a network position between the client and the registry to block the StartTLS command, aka a "StartTLS stripping attack."

1 issue left for the package maintainer to handle:

CVE-2021-28965: (postponed; to be fixed through a stable update) The REXML gem before 3.2.5 in Ruby before 2.6.7, 2.7.x before 2.7.3, and 3.x before 3.0.1 does not properly address XML round-trip issues. An incorrect document can be produced after parsing and serializing.

You can find information about how to handle this issue in the security team's documentation.

Created: 2021-04-09 Last update: 2021-08-14 14:00

news

[2020-10-16] Accepted ruby2.5 2.5.5-3+deb10u3 (source amd64 all) into proposed-updates->stable-new, proposed-updates (Debian FTP Masters) (signed by: Utkarsh Gupta)
[2020-07-08] Accepted ruby2.5 2.5.5-3+deb10u2 (source amd64 all) into proposed-updates->stable-new, proposed-updates (Debian FTP Masters) (signed by: Utkarsh Gupta)
[2020-07-08] Accepted ruby2.5 2.5.5-3+deb10u2 (source amd64 all) into stable->embargoed, stable (Debian FTP Masters) (signed by: Utkarsh Gupta)
[2020-05-04] ruby2.5 REMOVED from testing (Debian testing watch)
[2020-05-02] Removed 2.5.7-1 from unstable (Debian FTP Masters)
[2019-12-21] Accepted ruby2.5 2.5.5-3+deb10u1 (source) into proposed-updates->stable-new, proposed-updates (Salvatore Bonaccorso)
[2019-12-17] Accepted ruby2.5 2.5.5-3+deb10u1 (source) into stable->embargoed, stable (Salvatore Bonaccorso)
[2019-10-26] ruby2.5 2.5.7-1 MIGRATED to testing (Debian testing watch)
[2019-10-23] Accepted ruby2.5 2.5.7-1 (source) into unstable (Antonio Terceiro)
[2019-08-01] ruby2.5 2.5.5-4 MIGRATED to testing (Debian testing watch)
[2019-07-30] Accepted ruby2.5 2.5.5-4 (source) into unstable (Antonio Terceiro)
[2019-06-05] ruby2.5 2.5.5-3 MIGRATED to testing (Debian testing watch)
[2019-06-02] Accepted ruby2.5 2.5.5-3 (source) into unstable (Antonio Terceiro)
[2019-05-16] ruby2.5 2.5.5-2 MIGRATED to testing (Debian testing watch)
[2019-05-13] Accepted ruby2.5 2.5.5-2 (source) into unstable (Antonio Terceiro)
[2019-04-01] ruby2.5 2.5.5-1 MIGRATED to testing (Debian testing watch)
[2019-03-26] Accepted ruby2.5 2.5.5-1 (source) into unstable (Antonio Terceiro)
[2019-03-06] ruby2.5 2.5.3-4 MIGRATED to testing (Debian testing watch)
[2019-02-23] Accepted ruby2.5 2.5.3-4 (source) into unstable (Antonio Terceiro)
[2018-11-29] ruby2.5 2.5.3-3 MIGRATED to testing (Debian testing watch)
[2018-11-27] Accepted ruby2.5 2.5.3-3 (source) into unstable (Antonio Terceiro)
[2018-11-25] Accepted ruby2.5 2.5.3-2 (source) into unstable (Antonio Terceiro)
[2018-11-24] Accepted ruby2.5 2.5.3-1 (source) into unstable (Antonio Terceiro)
[2018-10-07] Accepted ruby2.5 2.5.1-6 (source) into unstable (Antonio Terceiro)
[2018-07-29] ruby2.5 2.5.1-5 MIGRATED to testing (Debian testing watch)
[2018-07-24] Accepted ruby2.5 2.5.1-5 (source) into unstable (Chris Hofstaedtler) (signed by: Christian Hofstaedtler)
[2018-07-22] Accepted ruby2.5 2.5.1-4 (source) into unstable (Chris Hofstaedtler) (signed by: Christian Hofstaedtler)
[2018-06-16] ruby2.5 2.5.1-3 MIGRATED to testing (Debian testing watch)
[2018-06-11] Accepted ruby2.5 2.5.1-3 (source) into unstable (Antonio Terceiro)
[2018-06-09] Accepted ruby2.5 2.5.1-2 (source) into unstable (Antonio Terceiro)

1
2

bugs [bug history graph]

all: 0

links

homepage
buildd: logs, clang, cross
popcon
browse source code
edit tags
other distros
security tracker
screenshots
debci

Debian Package Tracker — Copyright 2013-2018 The Distro Tracker Developers

Report problems to the tracker.debian.org pseudo-package in the Debian BTS.

Documentation — Bugs — Git Repository — Contributing