Format: 1.8 Date: Tue, 21 Feb 2012 16:28:51 -0600 Source: ruby1.8 Binary: ruby1.8 libruby1.8 libruby1.8-dbg ruby1.8-dev libtcltk-ruby1.8 ruby1.8-examples ruby1.8-elisp ri1.8 Architecture: armel Version: 1.8.7.299-2ubuntu0.1 Distribution: maverick Urgency: low Maintainer: Ubuntu/armel Build Daemon Changed-By: Tyler Hicks Description: libruby1.8 - Libraries necessary to run Ruby 1.8 libruby1.8-dbg - Debugging symbols for Ruby 1.8 libtcltk-ruby1.8 - Tcl/Tk interface for Ruby 1.8 ri1.8 - Ruby Interactive reference (for Ruby 1.8) ruby1.8 - Interpreter of object-oriented scripting language Ruby 1.8 ruby1.8-dev - Header files for compiling extension modules for the Ruby 1.8 ruby1.8-elisp - ruby-mode for Emacsen ruby1.8-examples - Examples for Ruby 1.8 Changes: ruby1.8 (1.8.7.299-2ubuntu0.1) maverick-security; urgency=low . * SECURITY UPDATE: Cross-site scripting via HTTP error responses - debian/patches/CVE-2010-0541.patch: Use the ISO-8859-1 character set for HTTP error responses. Based on upstream patch. - CVE-2010-0541 * SECURITY UPDATE: Arbitrary code execution and denial of service - debian/patches/CVE-2011-0188.patch: Remove cast to prevent memory corruption during allocation. Based on upstream patch. - CVE-2011-0188 * SECURITY UPDATE: Arbitrary file deletion due to symlink race - debian/patches/CVE-2011-1004.patch: Unlink the symlink rather than recursively removing everything underneath the symlink destination. Based on upstream patch. - CVE-2011-1004 * SECURITY UPDATE: Safe level bypass - debian/patches/CVE-2011-1005.patch: Remove incorrect string taint in exception handling methods. Based on upstream patch. - CVE-2011-1005 * SECURITY UPDATE: Predictable random number generation - debian/patches/CVE-2011-2686.patch: Reseed the random number generator each time a child process is created. Based on upstream patch. - CVE-2011-2686 * SECURITY UPDATE: Predicatable random number generation - debian/patches/CVE-2011-2705.patch: Reseed the random number generator with the pid number and the current time to prevent predictable random numbers in the case of pid number rollover. Based on upstream patch. - CVE-2011-2705 * SECURITY UPDATE: Denial of service via crafted hash table keys - debian/patches/CVE-2011-4815.patch: Add randomness to the key hashing algorithm to prevent predictable results when inserting objects into a hash table. Based on upstream patch. - CVE-2011-4815 Checksums-Sha1: 3040def89b4534d8f52710924126194ce5d7d212 31588 ruby1.8_1.8.7.299-2ubuntu0.1_armel.deb 1bde329cb0de6065a2d8865b25f1b2709641d824 1748784 libruby1.8_1.8.7.299-2ubuntu0.1_armel.deb 85dcadb9847a1b732b7c5e8f76e26088b547ed85 1278650 libruby1.8-dbg_1.8.7.299-2ubuntu0.1_armel.deb 517d0ff3449baa7c9f0335889738efaae4f174cb 584832 ruby1.8-dev_1.8.7.299-2ubuntu0.1_armel.deb ff4b0e330e536e2f50136a732eaf2ef38f8e74ef 1759308 libtcltk-ruby1.8_1.8.7.299-2ubuntu0.1_armel.deb Checksums-Sha256: 6164fbcb7f1acdb5aead94b8260f820dcdcc6b4a946e044295b626224048eeac 31588 ruby1.8_1.8.7.299-2ubuntu0.1_armel.deb 098097524c16bedf9054cce083d40187e939c56a7806ed3d2779981b10ef0ed4 1748784 libruby1.8_1.8.7.299-2ubuntu0.1_armel.deb 75a593ac5c2f8c238a6121d13d76eea6e9ea4001a47c95acdc4d844cd9d7a8fa 1278650 libruby1.8-dbg_1.8.7.299-2ubuntu0.1_armel.deb 239bc369a2f48d3616a5dc37c9fa0bde1e63475ccdb89bb379be0ea3d25c982f 584832 ruby1.8-dev_1.8.7.299-2ubuntu0.1_armel.deb e04aa3a231f55e90a9ce6d05214d0aa52d0fb0c85b474ac36025e65a35f9b9b7 1759308 libtcltk-ruby1.8_1.8.7.299-2ubuntu0.1_armel.deb Files: 6582d13682ea7a781c49788f9501befc 31588 ruby optional ruby1.8_1.8.7.299-2ubuntu0.1_armel.deb 597a1137f37325a87486476f21ea5a91 1748784 libs optional libruby1.8_1.8.7.299-2ubuntu0.1_armel.deb be8b8cb045e9ccc1b91e39952831f35f 1278650 debug extra libruby1.8-dbg_1.8.7.299-2ubuntu0.1_armel.deb b2d03ad21414d37f92c049bc61118c81 584832 ruby optional ruby1.8-dev_1.8.7.299-2ubuntu0.1_armel.deb 147633dfd1aba1ab112aefa4aa231a37 1759308 ruby optional libtcltk-ruby1.8_1.8.7.299-2ubuntu0.1_armel.deb Original-Maintainer: akira yamada