Format: 1.8
Date: Tue, 20 Jun 2017 07:58:57 -0400
Source: ruby2.0
Binary: ruby2.0 libruby2.0 ruby2.0-dev ruby2.0-doc ruby2.0-tcltk
Architecture: source
Version: 2.0.0.484-1ubuntu2.4
Distribution: trusty-security
Urgency: medium
Maintainer: Ubuntu Developers
Changed-By: Marc Deslauriers
Description:
 libruby2.0 - Libraries necessary to run Ruby 2.0
 ruby2.0 - Interpreter of object-oriented scripting language Ruby
 ruby2.0-dev - Header files for compiling extension modules for the Ruby 2.0
 ruby2.0-doc - Documentation for Ruby 2.0
 ruby2.0-tcltk - Ruby/Tk for Ruby 2.0
Changes:
 ruby2.0 (2.0.0.484-1ubuntu2.4) trusty-security; urgency=medium
 .
   * SECURITY UPDATE: incorrect hostname matching
     - debian/patches/CVE-2015-1855.patch: implement stricter hostname
       validation per RFC 6125 in ext/openssl/lib/openssl/ssl.rb, added
       tests to test/openssl/test_ssl.rb.
     - CVE-2015-1855
   * SECURITY UPDATE: DoS and possible code execution in Fiddle::Handle
     - debian/patches/CVE-2015-7551.patch: check tainted string arguments
       in ext/fiddle/handle.c, added tests to test/fiddle/test_handle.rb.
     - CVE-2015-7551
   * SECURITY UPDATE: SMTP command injection
     - debian/patches/CVE-2015-9096.patch: don't allow bare CR or LF in
       lib/net/smtp.rb, added test to test/net/smtp/test_smtp.rb.
     - CVE-2015-9096
   * SECURITY UPDATE: type confusion in tcltkip
     - debian/patches/CVE-2016-2337.patch: check argument in
       ext/tk/tcltklib.c.
     - CVE-2016-2337
   * SECURITY UPDATE: heap overflow in Fiddle::Function.new
     - debian/patches/CVE-2016-2339.patch: check arguments in
       ext/fiddle/function.c.
     - CVE-2016-2339
   * SECURITY UPDATE: use of same initialization vector (IV)
     - debian/patches/CVE-2016-7798.patch: don't set dummy key in
       ext/openssl/ossl_cipher.c, added test to test/openssl/test_cipher.rb.
     - CVE-2016-7798
   * debian/rules: add note on enabling the full test suite
   * debian/patches/fix_tests.patch: fix some broken tests.
Checksums-Sha1:
 88384e3879391147f60cad5807995798ef346d7e 2427 ruby2.0_2.0.0.484-1ubuntu2.4.dsc
 0030c8039b10beb53b523df19fc03a9ee5bc97bf 102308 ruby2.0_2.0.0.484-1ubuntu2.4.debian.tar.gz
Checksums-Sha256:
 caf0c6d6d736389ea0d14234369e492f4c7cfc16ed71c8d10a77595ab9c4d925 2427 ruby2.0_2.0.0.484-1ubuntu2.4.dsc
 e5dca9dbb5ddecb74abf10def55e799d1ec460b624f7b9bc1e492827d535efb2 102308 ruby2.0_2.0.0.484-1ubuntu2.4.debian.tar.gz
Files:
 5940e47dd42de293b68018711a6c4779 2427 ruby extra ruby2.0_2.0.0.484-1ubuntu2.4.dsc
 da5085606f8293a910d23be14a077100 102308 ruby extra ruby2.0_2.0.0.484-1ubuntu2.4.debian.tar.gz
Original-Maintainer: Antonio Terceiro