[ubuntu/precise-security] ruby1.9.1 1.9.3.0-1ubuntu2.2 (Accepted)

Tyler Hicks Tue, 25 Sep 2012 18:47:23 -0700

ruby1.9.1 (1.9.3.0-1ubuntu2.2) precise-security; urgency=low

  * SECURITY UPDATE: Safe level bypass
    - debian/patches/CVE-2011-1005.patch: Remove incorrect string taint
      in exception handling methods. Based on upstream patch.
    - CVE-2011-1005
  * SECURITY UPDATE: Add proper handling of rubygems SSL connections
    - debian/patches/CVE-2012-2125-2126.patch: Perform certificate
      verification and disallow HTTP->HTTPS redirection. Based on upstream
      patch.
    - CVE-2012-2125
    - CVE-2012-2126
  * debian/control: Add ca-certificates to libruby1.9.1 depends so that
    rubygems can perform certificate verification


Date: 2012-09-24 17:05:14.496601+00:00
Changed-By: Tyler Hicks <[email protected]>
https://launchpad.net/ubuntu/precise/+source/ruby1.9.1/1.9.3.0-1ubuntu2.2

Sorry, changesfile not available.

-- 
Precise-changes mailing list
[email protected]
Modify settings or unsubscribe at: 
https://lists.ubuntu.com/mailman/listinfo/precise-changes

[ubuntu/precise-security] ruby1.9.1 1.9.3.0-1ubuntu2.2 (Accepted)

Reply via email to