Overview

File _patchinfo of Package patchinfo.11866

<patchinfo incident="11866">
  <issue tracker="cve" id="2019-16255"/>
  <issue tracker="cve" id="2019-16254"/>
  <issue tracker="cve" id="2012-6708"/>
  <issue tracker="cve" id="2019-15845"/>
  <issue tracker="cve" id="2019-16201"/>
  <issue tracker="cve" id="2015-9251"/>
  <issue tracker="cve" id="2020-8130"/>
  <issue tracker="bnc" id="1164804">VUL-0: CVE-2020-8130: rubygem-rake: command injection when supplying a filename that begins with the pipe character</issue>
  <issue tracker="bnc" id="1152994">VUL-0: CVE-2019-15845: ruby2.5,ruby,ruby2.1: A NUL injection vulnerability of File.fnmatch and File.fnmatch?</issue>
  <issue tracker="bnc" id="1152995">VUL-0: CVE-2019-16201: ruby2.5,ruby,ruby2.1: Regular Expression Denial of Service vulnerability of WEBrick's Digest access authentication</issue>
  <issue tracker="bnc" id="1152990">VUL-0: CVE-2019-16255: ruby2.5,ruby,ruby2.1: code injection vulnerability of Shell#[] and Shell#test</issue>
  <issue tracker="bnc" id="1162396">Non-commercial license in ruby2.5-stdlib package</issue>
  <issue tracker="bnc" id="1152992">VUL-0: CVE-2019-16254: ruby2.5,ruby,ruby2.1: HTTP response splitting in WEBrick (Additional fix)</issue>
  <issue tracker="bnc" id="1140844">ruby2.5 test suite is not executed due to a wrong parameter (-x) being supplied</issue>
  <packager>darix</packager>
  <rating>important</rating>
  <category>security</category>
  <summary>Recommended update for ruby2.5</summary>
  <description>This update for ruby2.5 toversion 2.5.7  fixes the following issues:
	  
ruby 2.5 was updated to version 2.5.7 

- CVE-2020-8130: Fixed a command injection in intree copy of rake (bsc#1164804).
- CVE-2019-16255: Fixed a code injection vulnerability of Shell#[] and 
  Shell#test (bsc#1152990).
- CVE-2019-16254: Fixed am HTTP response splitting in WEBrick (bsc#1152992).
- CVE-2019-15845: Fixed a null injection vulnerability of File.fnmatch and 
  File.fnmatch? (bsc#1152994).
- CVE-2019-16201: Fixed a regular expression denial of service of WEBrick 
  Digest access authentication (bsc#1152995).
- CVE-2012-6708: Fixed an XSS in JQuery
- CVE-2015-9251: Fixed an XSS in JQuery
- Fixed unit tests (bsc#1140844)
- Removed some unneeded test files (bsc#1162396).
</description>
</patchinfo>
openSUSE Build Service is sponsored by
Places