ruby1.8 (18.104.22.168-3lenny1) stable-security; urgency=high

  * added patch: 932_CVE-2009-1904 (closes: #532689)
    It fixes BigDecimal DoS vulnerability (CVE-2009-1904). (backported from
    1.8.7-p172 and 1.8.7-p174)
  * Add upstream patch to properly check return values of the
    OCSP_basic_verify function (CVE-2009-0642; Closes: #513528)

 -- akira yamada <email address hidden>  Fri, 10 Jul 2009 17:17:38 +0900

ruby1.8 (22.214.171.124-3) unstable; urgency=medium

  * applied debian/patches/905_class_dup_should_copy_constants.dpatch:
    - Class#dup should copy constants into the duplicated class.

 -- akira yamada <email address hidden>  Tue, 06 Jan 2009 10:56:56 +0900

ruby1.8 (126.96.36.199-1) unstable; urgency=high

  * New upstream release.
    - many patches in 188.8.131.52-4 were simply backported from upstream SVN, and
      are integrated into that release. We drop those:
    - Fixes the following security issues: (Closes: #494401)
      * Several vulnerabilities in safe level
      * DoS vulnerability in WEBrick
      * Lack of taintness check in dl
      * DNS spoofing vulnerability in resolv.rb (CVE-2008-1447)
  * Applied debian/patches/168_rexml_dos.dpatch:
    Fix CVE-2008-3790 (REXML expansion DOS). Closes: #496808.

 -- Lucas Nussbaum <email address hidden>  Wed, 10 Sep 2008 10:27:45 +0200