Fedora Update Notification
2021-07-29 01:06:35.173516

Name        : ruby
Product     : Fedora 34
Version     : 3.0.2
Release     : 149.fc34
URL         : https://www.ruby-lang.org/
Summary     : An interpreter of object-oriented scripting language
Description :
Ruby is the interpreted scripting language for quick and easy
object-oriented programming.  It has many features to process text
files and to do system management tasks (as in Perl).  It is simple,
straight-forward, and extensible.

Update Information:

Security fix for CVE-2020-36327 CVE-2021-31799 CVE-2021-31810 CVE-2021-32066

* Tue Jul 13 2021 Jarek Prokop - 3.0.2-149
- Upgrade to Ruby 3.0.2.
- Fix command injection vulnerability in RDoc.
  Resolves: CVE-2021-31799
- Fix FTP PASV command response can cause Net::FTP to connect to arbitrary host.
  Resolves: CVE-2021-31810
- Fix StartTLS stripping vulnerability in Net::IMAP.
  Resolves: CVE-2021-32066
- Fix dependencies of gems with explicit source installed from a different
  Resolves: CVE-2020-36327

  [ 1 ] Bug #1958999 - CVE-2020-36327 rubygem-bundler: Dependencies of gems with explicit source may be installed from a different source
  [ 2 ] Bug #1980126 - CVE-2021-31810 ruby: FTP PASV command response can cause Net::FTP to connect to arbitrary host
  [ 3 ] Bug #1980128 - CVE-2021-32066 ruby: StartTLS stripping vulnerability in Net::IMAP
  [ 4 ] Bug #1980132 - CVE-2021-31799 rubygem-rdoc: Command injection vulnerability in RDoc

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2021-36cdab1f8d' at the command
line. For more information, refer to the dnf documentation available at

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at