This update for ruby2.5 and ruby-bundled-gems-rpmhelper fixes the following issues:
Changes in ruby2.5:
Update to 2.5.5 and 2.5.4:
https://www.ruby-lang.org/en/news/2019/03/15/ruby-2-5-5-released/
https://www.ruby-lang.org/en/news/2019/03/13/ruby-2-5-4-released/
Security issues fixed:
- CVE-2019-8320: Delete directory using symlink when
decompressing tar (bsc#1130627)
- CVE-2019-8321: Escape sequence injection vulnerability in
verbose (bsc#1130623)
- CVE-2019-8322: Escape sequence injection vulnerability in gem
owner (bsc#1130622)
- CVE-2019-8323: Escape sequence injection vulnerability in API
response handling (bsc#1130620)
- CVE-2019-8324: Installing a malicious gem may lead to arbitrary
code execution (bsc#1130617)
- CVE-2019-8325: Escape sequence injection vulnerability in
errors (bsc#1130611)
Ruby 2.5 was updated to 2.5.3:
This release includes some bug fixes and some security fixes.
Security issues fixed:
- CVE-2018-16396: Tainted flags are not propagated in Array#pack
and String#unpack with some directives (bsc#1112532)
- CVE-2018-16395: OpenSSL::X509::Name equality check does not
work correctly (bsc#1112530)
Ruby 2.5 was updated to 2.5.1:
This release includes some bug fixes and some security fixes.
Security issues fixed:
Other changes:
- Fixed Net::POPMail methods modify frozen literal when using default arg
- ruby: change over of the Japanese Era to the new emperor May 1st 2019 (bsc#1133790)
- build with PIE support (bsc#1130028)
Changes in ruby-bundled-gems-rpmhelper:
- Add a new helper for bundled ruby gems.