Format: 1.7
Date: Thu, 09 Oct 2008 09:28:03 -0500
Source: ruby1.8
Binary: irb1.8 libdbm-ruby1.8 libgdbm-ruby1.8 libopenssl-ruby1.8 libreadline-ruby1.8 libruby1.8 libruby1.8-dbg libtcltk-ruby1.8 rdoc1.8 ri1.8 ruby1.8 ruby1.8-dev ruby1.8-elisp ruby1.8-examples
Architecture: amd64 i386 all ia64 powerpc source sparc
Version: 1.8.5-4ubuntu2.3
Distribution: feisty-security
Urgency: low
Maintainer: Ubuntu Core Developers
Changed-By: Jamie Strandboge
Description:
 libdbm-ruby1.8 - DBM interface for Ruby 1.8
 libgdbm-ruby1.8 - GDBM interface for Ruby 1.8
 libopenssl-ruby1.8 - OpenSSL interface for Ruby 1.8
 libreadline-ruby1.8 - Readline interface for Ruby 1.8
 libruby1.8 - Libraries necessary to run Ruby 1.8
 libruby1.8-dbg - Debugging symbols for Ruby 1.8
 libtcltk-ruby1.8 - Tcl/Tk interface for Ruby 1.8
 ruby1.8 - Interpreter of object-oriented scripting language Ruby 1.8
 ruby1.8-dev - Header files for compiling extension modules for the Ruby 1.8
 irb1.8 - Interactive Ruby (for Ruby 1.8)
 rdoc1.8 - Generate documentation from Ruby source files (for Ruby 1.8)
 ri1.8 - Ruby Interactive reference (for Ruby 1.8)
 ruby1.8-elisp - ruby-mode for Emacsen
 ruby1.8-examples - Examples for Ruby 1.8
Changes:
 ruby1.8 (1.8.5-4ubuntu2.3) feisty-security; urgency=low
 .
   * SECURITY UPDATE: denial of service via resource exhaustion in the REXML
     module (LP: #261459)
     - debian/patches/953_CVE-2008-3790.patch: adjust rexml/document.rb and
       rexml/entity.rb to use expansion limits
     - CVE-2008-3790
   * SECURITY UPDATE: integer overflow in rb_ary_fill may cause denial of
     service (LP: #246818)
     - debian/patches/954_CVE-2008-2376.patch: adjust array.c to properly
       check argument length
     - CVE-2008-2376
   * SECURITY UPDATE: denial of service via multiple long requests to a Ruby
     socket
     - debian/patches/955_CVE-2008-3443.patch: adjust regex.c to not use ruby
       managed memory and check for allocation failures
     - CVE-2008-3443
   * SECURITY UPDATE: denial of service via crafted HTTP request (LP: #257122)
     - debian/patches/956_CVE-2008-3656.patch: update webrick/httputils.rb to
       properly check paths ending with '.'
     - CVE-2008-3656
   * SECURITY UPDATE: predictable transaction id and source port for DNS
     requests (separate vulnerability from CVE-2008-1447)
     - debian/patches/957_CVE-2008-3905.patch: adjust resolv.rb to use
       SecureRandom for transaction id and source port
     - CVE-2008-3905
   * SECURITY UPDATE: safe level bypass via DL.dlopen
     - debian/patches/958_CVE-2008-3657.patch: adjust rb_str_to_ptr and
       rb_ary_to_ptr in ext/dl/dl.c and rb_dlsym_call in ext/dl/sym.c to
       propagate taint and check taintness of DLPtrData
     - CVE-2008-3657
   * SECURITY UPDATE: safe level bypass via multiple vectors
     - debian/patches/959_CVE-2008-3655.patch: use rb_secure(4) in variable.c
       and syslog.c, check for secure level 3 or higher in eval.c and make
       sure PROGRAM_NAME can't be modified
     - CVE-2008-3655
Files:
Launchpad-Bugs-Fixed: 246818 257122 261459
Original-Maintainer: akira yamada