ruby1.8 (1.8.7.72-3lenny1) stable-security; urgency=high

  * added patch: 932_CVE-2009-1904 (closes: #532689)
    It fixes BigDecimal DoS vulnerability (CVE-2009-1904). (backported from
    1.8.7-p172 and 1.8.7-p174)
  * Add upstream patch to properly check return values of the
    OCSP_basic_verify function (CVE-2009-0642; Closes: #513528)

 -- akira yamada <email address hidden>  Fri, 10 Jul 2009 17:17:38 +0900

ruby1.8 (1.8.7.72-3) unstable; urgency=medium

  * applied debian/patches/905_class_dup_should_copy_constants.dpatch:
    - Class#dup should copy constants into the duplicated class.
      (closes: #506344)

 -- akira yamada <email address hidden>  Tue, 06 Jan 2009 10:56:56 +0900

ruby1.8 (1.8.7.72-1) unstable; urgency=high

  * New upstream release.
    - many patches in 1.8.7.22-4 were simply backported from upstream SVN, and
      are integrated into that release. We drop those:
      + 103_array_c_r17472_to_r17756.dpatch
      + 810_ruby187p22_fixes.dpatch
      + 811_multiple_vuln_200808.dpatch
    - Fixes the following security issues: (Closes: #494401)
      * Several vulnerabilities in safe level
      * DoS vulnerability in WEBrick
      * Lack of taintness check in dl
      * DNS spoofing vulnerability in resolv.rb (CVE-2008-1447)
  * Applied debian/patches/168_rexml_dos.dpatch:
    Fix CVE-2008-3790 (REXML expansion DOS). Closes: #496808.

 -- Lucas Nussbaum <email address hidden>  Wed, 10 Sep 2008 10:27:45 +0200