Package: release.debian.org Severity: normal User: [email protected] Usertags: unblock
Please unblock package ruby1.9.1 This release fixes a security bug (Debian #6999291, CVE-2013-0256) the debdiff against the package in testing is attached unblock ruby1.9.1/1.9.3.194-6 -- System Information: Debian Release: 7.0 APT prefers unstable APT policy: (500, 'unstable'), (1, 'experimental') Architecture: amd64 (x86_64) Foreign Architectures: i386 Kernel: Linux 3.2.0-4-amd64 (SMP w/4 CPU cores) Locale: LANG=pt_BR.utf8, LC_CTYPE=pt_BR.utf8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash -- Antonio Terceiro <[email protected]>
diff -Nru ruby1.9.1-1.9.3.194/debian/changelog ruby1.9.1-1.9.3.194/debian/changelog --- ruby1.9.1-1.9.3.194/debian/changelog 2012-11-27 18:42:09.000000000 -0300 +++ ruby1.9.1-1.9.3.194/debian/changelog 2013-02-12 16:04:22.000000000 -0300 @@ -1,3 +1,11 @@ +ruby1.9.1 (1.9.3.194-6) unstable; urgency=high + + [Nobuhiro Iwamatsu] + * debian/patches/CVE-2013-0256.patch: fix possible cross site scripting + vulnerability in documentation generated by RDOC (Closes: #699929) + + -- Antonio Terceiro <[email protected]> Tue, 12 Feb 2013 16:00:30 -0300 + ruby1.9.1 (1.9.3.194-5) unstable; urgency=high * Disable running the test suite during the build on sparc again. Keeping diff -Nru ruby1.9.1-1.9.3.194/debian/patches/CVE-2013-0256.patch ruby1.9.1-1.9.3.194/debian/patches/CVE-2013-0256.patch --- ruby1.9.1-1.9.3.194/debian/patches/CVE-2013-0256.patch 1969-12-31 21:00:00.000000000 -0300 +++ ruby1.9.1-1.9.3.194/debian/patches/CVE-2013-0256.patch 2013-02-12 16:04:22.000000000 -0300 @@ -0,0 +1,36 @@ +From fd061353e3312b77b48eee7cf96cab8ca9b797ac Mon Sep 17 00:00:00 2001 +From: usa <usa@b2dd03c8-39d4-4d8f-98ff-823fe69b080e> +Date: Wed, 6 Feb 2013 08:00:49 +0000 +Subject: [PATCH] * lib/rdoc: Import RDoc 3.9.5. + NOTE: This patch includes only main correctios. +Origin: upstream, https://github.com/ruby/ruby/commit/fd061353e3312b77b48eee7cf96cab8ca9b797ac +Bug: http://www.ruby-lang.org/ja/news/2013/02/06/rdoc-xss-cve-2013-0256/ +Bug-Debian: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=699929 + +diff --git a/lib/rdoc/generator/template/darkfish/js/darkfish.js b/lib/rdoc/generator/template/darkfish/js/darkfish.js +index 84565c1..7a2f44c 100644 +--- a/lib/rdoc/generator/template/darkfish/js/darkfish.js ++++ b/lib/rdoc/generator/template/darkfish/js/darkfish.js +@@ -73,13 +73,15 @@ function hookQuickSearch() { + function highlightTarget( anchor ) { + console.debug( "Highlighting target '%s'.", anchor ); + +- $("a[name=" + anchor + "]").each( function() { +- if ( !$(this).parent().parent().hasClass('target-section') ) { +- console.debug( "Wrapping the target-section" ); +- $('div.method-detail').unwrap( 'div.target-section' ); +- $(this).parent().wrap( '<div class="target-section"></div>' ); +- } else { +- console.debug( "Already wrapped." ); ++ $("a[name]").each( function() { ++ if ( $(this).attr("name") == anchor ) { ++ if ( !$(this).parent().parent().hasClass('target-section') ) { ++ console.debug( "Wrapping the target-section" ); ++ $('div.method-detail').unwrap( 'div.target-section' ); ++ $(this).parent().wrap( '<div class="target-section"></div>' ); ++ } else { ++ console.debug( "Already wrapped." ); ++ } + } + }); + }; diff -Nru ruby1.9.1-1.9.3.194/debian/patches/series ruby1.9.1-1.9.3.194/debian/patches/series --- ruby1.9.1-1.9.3.194/debian/patches/series 2012-11-21 23:39:33.000000000 -0300 +++ ruby1.9.1-1.9.3.194/debian/patches/series 2013-02-12 16:04:22.000000000 -0300 @@ -19,3 +19,4 @@ 20120927-cve_2011_1005.patch CVE-2012-4522.patch 20121120-cve-2012-5371.diff +CVE-2013-0256.patch
signature.asc
Description: Digital signature
