Debian GNU/Linux

Change logs for “ruby1.8” source package in Lenny

  • ruby1.8 (1.8.7.72-3lenny1) stable-security; urgency=high
    
      * added patch: 932_CVE-2009-1904 (closes: #532689)
        It fixes BigDecimal DoS vulnerability (CVE-2009-1904).  (backported from
        1.8.7-p172 and 1.8.7-p174)
      * Add upstream patch to properly check return values of the
        OCSP_basic_verify function (CVE-2009-0642; Closes: #513528)
    
     -- akira yamada <email address hidden>  Fri, 10 Jul 2009 17:17:38 +0900
  • ruby1.8 (1.8.7.72-3) unstable; urgency=medium
    
      * applied debian/patches/905_class_dup_should_copy_constants.dpatch:
        - Class#dup should copy constants into the duplicated class.
          (closes: #506344)
    
     -- akira yamada <email address hidden>  Tue, 06 Jan 2009 10:56:56 +0900
  • ruby1.8 (1.8.7.72-1) unstable; urgency=high
    
      * New upstream release.
        - many patches in 1.8.7.22-4 were simply backported from upstream SVN, and
          are integrated into that release. We drop those:
          + 103_array_c_r17472_to_r17756.dpatch
          + 810_ruby187p22_fixes.dpatch
          + 811_multiple_vuln_200808.dpatch
        - Fixes the following security issues: (Closes: #494401)
          * Several vulnerabilities in safe level
          * DoS vulnerability in WEBrick
          * Lack of taintness check in dl
          * DNS spoofing vulnerability in resolv.rb (CVE-2008-1447)
      * Applied debian/patches/168_rexml_dos.dpatch:
        Fix CVE-2008-3790 (REXML expansion DOS). Closes: #496808.
    
     -- Lucas Nussbaum <email address hidden>  Wed, 10 Sep 2008 10:27:45 +0200