[ All 3 A B C D E F G H I J K L M N O P Q R S T U V W X Y Z ]
×

Package rubygem-psych-3.0.2-114.module+el8.10.0+645+66c65a00.i686 download

Name rubygem-psych
Epoch 0
Version 3.0.2
Release 114.module+el8.10.0+645+66c65a00
Architecture i686
Website/URL http://ruby-lang.org/
License MIT
Build Time 2025-05-21 13:39:10
Build Host builder-x86-08.inferitos.ru
Summary A libyaml wrapper for Ruby
Repositories AppStream
Description Psych is a YAML parser and emitter. Psych leverages libyaml[http://pyyaml.org/wiki/LibYAML] for its YAML parsing and emitting capabilities. In addition to wrapping libyaml, Psych also knows how to serialize and de-serialize most Ruby objects to and from the YAML format.
Errata INFSA-2025:7539
Size 98 KiB
Source Project ruby-2.5.9-114.module+el8.10.0+645+66c65a00
SHA-256 checksum c79f6ab0424a2cda36e098f816226c0575fd4c82032427e55f194cc5087623c6
× Full screenshot
Changelog link 
* Mon May 05 2025 Vít Ondruch <vondruch@redhat.com> - 2.5.9-114
- Fix integer overflow in search_in_range function in regexec.c (CVE-2019-19012).
  Resolves: RHEL-87505

* Tue Nov 26 2024 Jarek Prokop <jprokop@redhat.com> - 2.5.9-113
- Fix REXML ReDoS vulnerability. (CVE-2024-49761)
  Resolves: RHEL-68515

* Tue May 21 2024 Jarek Prokop <jprokop@redhat.com> - 2.5.9-112
- Fix ReDoS vulnerability - upstream's incomplete fix for CVE-2023-28755.
  (CVE-2023-36617)
  Resolves: RHEL-5614
- Fix Buffer overread vulnerability in StringIO.
  (CVE-2024-27280)
  Resolves: RHEL-34125
- Fix RCE vulnerability with .rdoc_options in RDoc.
  (CVE-2024-27281)
  Resolves: RHEL-34117
- Fix Arbitrary memory address read vulnerability with Regex search.
  (CVE-2024-27282)
  Resolves: RHEL-33867
- Fix REXML DoS parsing an XML with many `<`s in an attribute value.
  (CVE-2024-35176)
  Resolves: RHEL-37877

* Tue Dec 12 2023 MSVSphere Packaging Team <packager@msvsphere-os.ru> - 2.5.9-111
- Rebuilt for MSVSphere 8.8

* Mon Jun 12 2023 Jarek Prokop <jprokop@redhat.com> - 2.5.9-111
- Fix HTTP response splitting in CGI.
  Resolves: CVE-2021-33621
- Fix Buffer overrun in String-to-Float conversion.
  Resolves: CVE-2022-28739
- Fix ReDoS vulnerability in URI.
  Resolves: CVE-2023-28755
- Fix ReDoS vulnerability in Time.
  Resolves: CVE-2023-28756

* Thu May 25 2023 Todd Zullinger <tmz@pobox.com> - 2.5.9-111
- Fix rdoc parsing of nil text tokens.
  Resolves: rhbz#2210326

* Fri Jul 08 2022 Jun Aruga <jaruga@redhat.com> - 2.5.9-110
- Fix FTBFS due to an incompatible load directive.
- Fix a fiddle import test on an optimized glibc on Power 9.
- Fix by adding length limit option for methods that parses date strings.
  Resolves: CVE-2021-41817
- CGI::Cookie.parse no longer decodes cookie names to prevent spoofing security
  prefixes in cookie names.
  Resolves: CVE-2021-41819

* Wed Feb 16 2022 Jarek Prokop <jprokop@redhat.com> - 2.5.9-109
- Properly fix command injection vulnerability in Rdoc.
  Related: CVE-2021-31799

* Wed Feb 09 2022 Jarek Prokop <jprokop@redhat.com> - 2.5.9-108
- Fix command injection vulnerability in RDoc.
  Resolves: CVE-2021-31799
- Fix StartTLS stripping vulnerability in Net::IMAP
  Resolves: CVE-2021-32066
- Fix FTP PASV command response can cause Net::FTP to connect to arbitrary host.
  Resolves: CVE-2021-31810

* Mon Apr 19 2021 Pavel Valena <pvalena@redhat.com> - 2.5.9-107
- Update to Ruby 2.5.9.
  * Remove Patch20: ruby-2.6.0-rdoc-6.0.1-fix-template-typo.patch; subsumed
  Resolves: rhbz#1757844
- Resolv::DNS: timeouts if multiple IPv6 name servers are given and address
  contains leading zero
  Resolves: rhbz#1950308