Information on source package ruby2.1

Available versions

ReleaseVersion
jessie2.1.5-2+deb8u3
jessie (security)2.1.5-2+deb8u1

Open issues

BugjessieDescription
CVE-2017-14064vulnerableRuby through 2.2.7, 2.3.x through 2.3.4, and 2.4.x through 2.4.1 can ...
CVE-2017-14033vulnerableThe decode method in the OpenSSL::ASN1 module in Ruby before 2.2.8, ...
CVE-2017-10784vulnerableThe Basic authentication code in WEBrick library in Ruby before 2.2.8, ...
CVE-2017-0903vulnerableRubyGems versions between 2.0.0 and 2.6.13 are vulnerable to a ...
CVE-2017-0902vulnerableRubyGems version 2.6.12 and earlier is vulnerable to a DNS hijacking ...
CVE-2017-0901vulnerableRubyGems version 2.6.12 and earlier fails to validate specification ...
CVE-2017-0900vulnerableRubyGems version 2.6.12 and earlier is vulnerable to maliciously ...
CVE-2017-0898vulnerableRuby before 2.4.2, 2.3.5, and 2.2.8 is vulnerable to a malicious ...
CVE-2016-7798vulnerable (no DSA)The openssl gem for Ruby uses the same initialization vector (IV) in ...
CVE-2016-2339vulnerable (no DSA)An exploitable heap overflow vulnerability exists in the ...
CVE-2016-2337vulnerable (no DSA)Type confusion exists in _cancel_eval Ruby's TclTkIp class method. ...
CVE-2015-9096vulnerable (no DSA)Net::SMTP in Ruby before 2.4.0 is vulnerable to SMTP command injection ...

Open unimportant issues

BugjessieDescription
CVE-2017-0899vulnerableRubyGems version 2.6.12 and earlier is vulnerable to maliciously ...
CVE-2016-2336vulnerableType confusion exists in two methods of Ruby's WIN32OLE class, ...
CVE-2014-3916vulnerableThe str_buf_cat function in string.c in Ruby 1.9.3, 2.0.0, and 2.1 ...

Resolved issues

BugDescription
CVE-2017-6181The parse_char_class function in regparse.c in the Onigmo (aka ...
CVE-2017-11465The parser_yyerror function in the UTF-8 parser in Ruby 2.4.1 allows ...
CVE-2015-7551The Fiddle::Handle implementation in ext/fiddle/handle.c in Ruby ...
CVE-2015-4020RubyGems 2.0.x before 2.0.17, 2.2.x before 2.2.5, and 2.4.x before 2.4.8 ...
CVE-2015-3900RubyGems 2.0.x before 2.0.16, 2.2.x before 2.2.4, and 2.4.x before ...
CVE-2015-1855OpenSSL extension hostname matching implementation violates RFC 6125
CVE-2014-8090The REXML parser in Ruby 1.9.x before 1.9.3 patchlevel 551, 2.0.x ...
CVE-2014-8080The REXML parser in Ruby 1.9.x before 1.9.3-p550, 2.0.x before ...
CVE-2014-4975Off-by-one error in the encodes function in pack.c in Ruby 1.9.3 and ...
CVE-2009-5147DL::dlopen in Ruby 1.8, 1.9.0, 1.9.2, 1.9.3, 2.0.0 before patchlevel ...

Security announcements

DSA / DLADescription
DSA-3247-1ruby2.1 - security update

Search for package or bug name: Reporting problems