Errata overview
Errata ID 500
Date 2018-08-29
Source package ruby2.1
Fixed in version 2.1.5-2+deb8u5
This update addresses the following issues:
* TclTkIp ip_cancel_eval type confusion vulnerability (CVE-2016-2337)
* Path traversal when writing to a symlinked basedir outside of
  the root (CVE-2018-1000073)
* Unsafe Object Deserialization Vulnerability in gem owner allowing
  arbitrary code execution on specially crafted YAML (CVE-2018-1000074)
Additional notes
CVE ID CVE-2016-2337
UCS Bug number #47684