Information on source package ruby2.3

Available versions

ReleaseVersion
stretch2.3.3-1+deb9u12
stretch (security)2.3.3-1+deb9u11

Open issues

BugstretchDescription
CVE-2024-43398vulnerable (no DSA, postponed)REXML is an XML toolkit for Ruby. The REXML gem before 3.3.6 has a DoS ...
CVE-2024-41946vulnerable (no DSA, postponed)REXML is an XML toolkit for Ruby. The REXML gem 3.3.2 has a DoS vulner ...
CVE-2024-41123vulnerable (no DSA, postponed)REXML is an XML toolkit for Ruby. The REXML gem before 3.3.2 has some ...
CVE-2024-39908vulnerable (no DSA, postponed)REXML is an XML toolkit for Ruby. The REXML gem before 3.3.1 has some ...
CVE-2024-35176vulnerable (no DSA, postponed)REXML is an XML toolkit for Ruby. The REXML gem before 3.2.6 has a den ...
CVE-2024-27280vulnerable (no DSA, ignored)A buffer-overread issue was discovered in StringIO 3.0.1, as distribut ...

Resolved issues

BugDescription
CVE-2024-27282An issue was discovered in Ruby 3.x through 3.3.0. If attacker-supplie ...
CVE-2024-27281An issue was discovered in RDoc 6.3.3 through 6.6.2, as distributed in ...
CVE-2023-36617A ReDoS issue was discovered in the URI component before 0.12.2 for Ru ...
CVE-2023-28756A ReDoS issue was discovered in the Time component through 0.2.1 in Ru ...
CVE-2023-28755A ReDoS issue was discovered in the URI component through 0.12.0 in Ru ...
CVE-2022-28739There is a buffer over-read in Ruby before 2.6.10, 2.7.x before 2.7.6, ...
CVE-2022-28738A double free was found in the Regexp compiler in Ruby 3.x before 3.0. ...
CVE-2021-41819CGI::Cookie.parse in Ruby through 2.6.8 mishandles security prefixes i ...
CVE-2021-41817Date.parse in the date gem through 3.2.0 for Ruby allows ReDoS (regula ...
CVE-2021-41816CGI.escape_html in Ruby before 2.7.5 and 3.x before 3.0.3 has an integ ...
CVE-2021-33621The cgi gem before 0.1.0.2, 0.2.x before 0.2.2, and 0.3.x before 0.3.5 ...
CVE-2021-32066An issue was discovered in Ruby through 2.6.7, 2.7.x through 2.7.3, an ...
CVE-2021-31810An issue was discovered in Ruby through 2.6.7, 2.7.x through 2.7.3, an ...
CVE-2021-31799In RDoc 3.11 through 6.x before 6.3.1, as distributed with Ruby throug ...
CVE-2021-28965The REXML gem before 3.2.5 in Ruby before 2.6.7, 2.7.x before 2.7.3, a ...
CVE-2020-25613An issue was discovered in Ruby through 2.5.8, 2.6.x through 2.6.6, an ...
CVE-2020-10933An issue was discovered in Ruby 2.5.x through 2.5.7, 2.6.x through 2.6 ...
CVE-2020-10663The JSON gem through 2.2.0 for Ruby, as used in Ruby 2.4 through 2.4.9 ...
CVE-2019-16255Ruby through 2.4.7, 2.5.x through 2.5.6, and 2.6.x through 2.6.4 allow ...
CVE-2019-16254Ruby through 2.4.7, 2.5.x through 2.5.6, and 2.6.x through 2.6.4 allow ...
CVE-2019-16201WEBrick::HTTPAuth::DigestAuth in Ruby through 2.4.7, 2.5.x through 2.5 ...
CVE-2019-15845Ruby through 2.4.7, 2.5.x through 2.5.6, and 2.6.x through 2.6.4 misha ...
CVE-2019-8325An issue was discovered in RubyGems 2.6 and later through 3.0.2. Since ...
CVE-2019-8324An issue was discovered in RubyGems 2.6 and later through 3.0.2. A cra ...
CVE-2019-8323An issue was discovered in RubyGems 2.6 and later through 3.0.2. Gem:: ...
CVE-2019-8322An issue was discovered in RubyGems 2.6 and later through 3.0.2. The g ...
CVE-2019-8321An issue was discovered in RubyGems 2.6 and later through 3.0.2. Since ...
CVE-2019-8320A Directory Traversal issue was discovered in RubyGems 2.7.6 and later ...
CVE-2018-1000079RubyGems version Ruby 2.2 series: 2.2.9 and earlier, Ruby 2.3 series: ...
CVE-2018-1000078RubyGems version Ruby 2.2 series: 2.2.9 and earlier, Ruby 2.3 series: ...
CVE-2018-1000077RubyGems version Ruby 2.2 series: 2.2.9 and earlier, Ruby 2.3 series: ...
CVE-2018-1000076RubyGems version Ruby 2.2 series: 2.2.9 and earlier, Ruby 2.3 series: ...
CVE-2018-1000075RubyGems version Ruby 2.2 series: 2.2.9 and earlier, Ruby 2.3 series: ...
CVE-2018-1000074RubyGems version Ruby 2.2 series: 2.2.9 and earlier, Ruby 2.3 series: ...
CVE-2018-1000073RubyGems version Ruby 2.2 series: 2.2.9 and earlier, Ruby 2.3 series: ...
CVE-2018-16396An issue was discovered in Ruby before 2.3.8, 2.4.x before 2.4.5, 2.5. ...
CVE-2018-16395An issue was discovered in the OpenSSL library in Ruby before 2.3.8, 2 ...
CVE-2018-8780In Ruby before 2.2.10, 2.3.x before 2.3.7, 2.4.x before 2.4.4, 2.5.x b ...
CVE-2018-8779In Ruby before 2.2.10, 2.3.x before 2.3.7, 2.4.x before 2.4.4, 2.5.x b ...
CVE-2018-8778In Ruby before 2.2.10, 2.3.x before 2.3.7, 2.4.x before 2.4.4, 2.5.x b ...
CVE-2018-8777In Ruby before 2.2.10, 2.3.x before 2.3.7, 2.4.x before 2.4.4, 2.5.x b ...
CVE-2018-6914Directory traversal vulnerability in the Dir.mktmpdir method in the tm ...
CVE-2017-17790The lazy_initialize function in lib/resolv.rb in Ruby through 2.4.3 us ...
CVE-2017-17742Ruby before 2.2.10, 2.3.x before 2.3.7, 2.4.x before 2.4.4, 2.5.x befo ...
CVE-2017-17405Ruby before 2.4.3 allows Net::FTP command injection. Net::FTP#get, get ...
CVE-2017-14064Ruby through 2.2.7, 2.3.x through 2.3.4, and 2.4.x through 2.4.1 can e ...
CVE-2017-14033The decode method in the OpenSSL::ASN1 module in Ruby before 2.2.8, 2. ...
CVE-2017-11465The parser_yyerror function in the UTF-8 parser in Ruby 2.4.1 allows a ...
CVE-2017-10784The Basic authentication code in WEBrick library in Ruby before 2.2.8, ...
CVE-2017-6181The parse_char_class function in regparse.c in the Onigmo (aka Oniguru ...
CVE-2017-0903RubyGems versions between 2.0.0 and 2.6.13 are vulnerable to a possibl ...
CVE-2017-0902RubyGems version 2.6.12 and earlier is vulnerable to a DNS hijacking v ...
CVE-2017-0901RubyGems version 2.6.12 and earlier fails to validate specification na ...
CVE-2017-0900RubyGems version 2.6.12 and earlier is vulnerable to maliciously craft ...
CVE-2017-0899RubyGems version 2.6.12 and earlier is vulnerable to maliciously craft ...
CVE-2017-0898Ruby before 2.4.2, 2.3.5, and 2.2.8 is vulnerable to a malicious forma ...
CVE-2016-7798The openssl gem for Ruby uses the same initialization vector (IV) in G ...
CVE-2016-2339An exploitable heap overflow vulnerability exists in the Fiddle::Funct ...
CVE-2016-2338An exploitable heap overflow vulnerability exists in the Psych::Emitte ...
CVE-2016-2337Type confusion exists in _cancel_eval Ruby's TclTkIp class method. Att ...
CVE-2016-2336Type confusion exists in two methods of Ruby's WIN32OLE class, ole_inv ...
CVE-2015-9096Net::SMTP in Ruby before 2.4.0 is vulnerable to SMTP command injection ...

Security announcements

DSA / DLADescription
ELA-1149-1ruby2.3 - security update
DLA-2853-1ruby2.3 - security update
DLA-2780-1ruby2.3 - security update
DLA-2391-1ruby2.3 - security update
DSA-4587-1ruby2.3 - security update
DSA-4433-1ruby2.3 - security update
DSA-4332-1ruby2.3 - security update
DSA-4259-1ruby2.3 - security update
DSA-4031-1ruby2.3 - security update
DSA-3966-1ruby2.3 - security update

Search for package or bug name: Reporting problems