Ubuntu

“ruby1.9.1” 1.9.3.0-1ubuntu2.5 source package in The Precise Pangolin

Publishing history

1.9.3.0-1ubuntu2.5
SUPERSEDED: Precise pocket Updates in component main and section ruby
  • Removed from disk on 2013-03-26.
  • Removal requested on 2013-03-26.
  • Superseded on 2013-03-25 by ruby1.9.1 - 1.9.3.0-1ubuntu2.6
  • Published on 2013-02-21
  • Copied from ubuntu precise in Private PPA for Ubuntu Security Team by Ubuntu Archive Robot
1.9.3.0-1ubuntu2.5
SUPERSEDED: Precise pocket Security in component main and section ruby
  • Removed from disk on 2013-03-26.
  • Removal requested on 2013-03-26.
  • Superseded on 2013-03-25 by ruby1.9.1 - 1.9.3.0-1ubuntu2.6
  • Published on 2013-02-21
  • Copied from ubuntu precise in Private PPA for Ubuntu Security Team by Marc Deslauriers

Builds

Changelog

ruby1.9.1 (1.9.3.0-1ubuntu2.5) precise-security; urgency=low

  * SECURITY UPDATE: denial of service via hash collisions
    - debian/patches/20121120-cve-2012-5371.diff: replace hash
      implementation in common.mk, random.c, siphash.*, string.c.
    - CVE-2012-5371
  * SECURITY UPDATE: xss in documents generated by rdoc
    - debian/patches/CVE-2013-0256.patch: fix xss in
      lib/rdoc/generator/template/darkfish/js/darkfish.js.
    - CVE-2013-0256
  * SECURITY UPDATE: DoS and unsafe object creation via JSON
    - debian/patches/CVE-2013-0269.patch: fix JSON parsing in
      ext/json/lib/json/add/core.rb, ext/json/lib/json/common.rb,
      ext/json/parser/parser.c, ext/json/parser/parser.rl,
      test/json/test_json.rb, test/json/test_json_addition.rb,
      test/json/test_json_string_matching.rb.
    - CVE-2013-0269
  * Patches taken from Debian 1.9.3.194-7 package.
 -- Marc Deslauriers <email address hidden>   Fri, 15 Feb 2013 09:39:19 -0500