ruby1.9 (1.9.0.5-1ubuntu2) lucid; urgency=low

  * SECURITY UPDATE: arbitrary code execution via string operations
    - debian/patches/932_CVE-2009-4124.dpatch: calculate lengths properly
      in string.c, add test in test/ruby/test_string.rb.
    - CVE-2009-4124
  * SECURITY UPDATE: incorrect log file sanitation in WEBrick (LP: #509392)
    - debian/patches/933_CVE-2009-4492.dpatch: properly escape in
      lib/webrick/{accesslog.rb,httprequest.rb,httpstatus.rb,httputils.rb},
      add test to test/webrick/test_cgi.rb.
    - CVE-2009-4492
  * SECURITY UPDATE: denial of service in BigDecimal library via string
    argument that represents a large number (LP: #385436)
    - debian/patches/934_CVE-2009-1904.dpatch: handle large numbers
      properly in ext/bigdecimal/bigdecimal.c.
    - CVE-2009-1904

 -- Marc Deslauriers <email address hidden>  Mon, 22 Feb 2010 16:34:02 -0500