ruby1.9.1 (1.9.3.194-1ubuntu1.2) quantal-security; urgency=low
  * SECURITY UPDATE: Safe level bypass
    - debian/patches/20121011-cve_2012_4464-cve_2012_4466.patch: Remove
      incorrect string taint in exception handling methods. Based on upstream
      patch.
    - CVE-2012-4464
    - CVE-2012-4466
  * SECURITY UPDATE: Missing input sanitization of file paths
    - debian/patches/20121016-cve_2012_4522.patch: NUL characters are not
      valid filename characters, so ensure that Ruby strings used for file
      paths do not contain NUL characters. Based on upstream patch.
    - CVE-2012-4522
  * debian/patches/20120927-cve_2011_1005.patch: Drop since ruby1.9.x is
    technically not affected by CVE-2011-1005. CVE-2012-4464 is the id
    assigned to the vulnerability in the ruby1.9.x branch.
Date: 2012-10-16 20:50:14.505362+00:00
Changed-By: Tyler Hicks <[email protected]>
Signed-By: Jamie Strandboge <[email protected]>
https://launchpad.net/ubuntu/raring/+source/ruby1.9.1/1.9.3.194-1ubuntu1.2
--
Raring-changes mailing list