Bug#634941: ruby1.9.1: Please update to 1.9.2.290

2011-07-21 Thread Lucas Nussbaum
On 21/07/11 at 14:12 +0900, Nobuhiro Iwamatsu wrote:
> Source: ruby1.9.1
> Version: 1.9.2.180-5
> Severity: wishlist
> Tags: patch
>
> Hi,
>
> 1.9.2.290 was released.
> However, CVE-2011-0188 is not corrected in this version.
> And, the patch is necessary so that there is a problem in the check on
> the library of ext/tk.
>
> I attach patches which revise these problems.
> Please update to this version with attached patches?

Hi,

We are considering switching directly to 1.9.3 as it's going to be
released very soon now. A package was uploaded to experimental. Maybe
you are interested in checking if it works for you.

Lucas






Bug#634941: ruby1.9.1: Please update to 1.9.2.290

2011-07-21 Thread Nobuhiro Iwamatsu
Hi,

I see, thanks for your information.

Nobuhiro

2011/7/21 Lucas Nussbaum lu...@lucas-nussbaum.net:
> On 21/07/11 at 14:12 +0900, Nobuhiro Iwamatsu wrote:
>> Source: ruby1.9.1
>> Version: 1.9.2.180-5
>> Severity: wishlist
>> Tags: patch
>>
>> Hi,
>>
>> 1.9.2.290 was released.
>> However, CVE-2011-0188 is not corrected in this version.
>> And, the patch is necessary so that there is a problem in the check on
>> the library of ext/tk.
>>
>> I attach patches which revise these problems.
>> Please update to this version with attached patches?
>
> Hi,
>
> We are considering switching directly to 1.9.3 as it's going to be
> released very soon now. A package was uploaded to experimental. Maybe
> you are interested in checking if it works for you.
>
> Lucas




-- 
Nobuhiro Iwamatsu
   iwamatsu at {nigauri.org / debian.org}
   GPG ID: 40AD1FA6






Bug#634941: ruby1.9.1: Please update to 1.9.2.290

2011-07-20 Thread Nobuhiro Iwamatsu
Source: ruby1.9.1
Version: 1.9.2.180-5
Severity: wishlist
Tags: patch

Hi,

1.9.2.290 was released.
However, CVE-2011-0188 is not corrected in this version.
And, the patch is necessary so that there is a problem in the check on
the library of ext/tk.

I attach patches which revise these problems.
Please update to this version with attached patches?

Best regards,
 Nobuhiro

-- 
Nobuhiro Iwamatsu
   iwamatsu at {nigauri.org / debian.org}
   GPG ID: 40AD1FA6
From f83651ac30c7c776dee8a6a401c654757cb8d1c2 Mon Sep 17 00:00:00 2001
From: mrkn mrkn@b2dd03c8-39d4-4d8f-98ff-823fe69b080e
Date: Tue, 1 Mar 2011 04:40:49 +
Subject: [PATCH] * ext/bigdecimal/bigdecimal.c (VpMemAlloc): CVE-2011-0188.  
 Fixes a bug reported by Drew Yao ayao at apple.com

git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@30993 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
---
--- a/ext/bigdecimal/bigdecimal.c	2011-07-21 14:02:50.0 +0900
+++ b/ext/bigdecimal/bigdecimal.c	2011-07-21 14:03:01.0 +0900
@@ -2123,7 +2123,7 @@
 VP_EXPORT void *
 VpMemAlloc(U_LONG mb)
 {
-void *p = xmalloc((unsigned int)mb);
+void *p = xmalloc(mb);
 if(!p) {
 VpException(VP_EXCEPTION_MEMORY,failed to allocate memory,1);
 }
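Review bot: the `xmalloc(mb)` line in VpMemAlloc carries no comment explaining why the `(unsigned int)` cast had to go, so it could easily be reintroduced later as a "warning fix". Since `mb` is declared `U_LONG`, the old cast would shrink the requested size wherever unsigned long is wider than unsigned int, and the caller would then get a smaller buffer than it asked for. Please add a one-line comment above the call saying so, and confirm that the callers of VpMemAlloc compute `mb` without overflowing before it reaches this function, since nothing in this hunk checks that.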
diff --git a/ext/tk/extconf.rb.orig b/ext/tk/extconf.rb
index fed2a30..e9b28cc 100644
--- a/ext/tk/extconf.rb
+++ b/ext/tk/extconf.rb
@@ -1035,7 +1035,7 @@ def find_tcl(tcllib, stubs, version, *opt_paths)
 lib = tclstub
   else
 func = Tcl_FindExecutable
-lib = tcl
+lib = tcllib
   end
 
   if version  ! version.empty?
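Review bot: in the else branch of find_tcl, `lib = tcllib` now depends on the caller always passing a usable `tcllib`; nothing in this hunk guards against nil or an empty string, so the library check that follows could run with no library name at all. Consider falling back to the previous default when `tcllib` is unset, or confirm that every caller of find_tcl supplies it.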
@@ -1179,7 +1179,7 @@ def find_tk(tklib, stubs, version, *opt_paths)
 lib = tkstub
   else
 func = Tk_Init
-lib = tk
+lib = tklib
   end
 
   if version  ! version.empty?
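Review bot: the ext/tk change, this `lib = tklib` line in find_tk and the matching line in find_tcl, has no description, unlike the bigdecimal patch which carries a commit message; the report says only that there is a problem in the library check. Please add a short patch header stating which check failed and for which library name. The file header is also inconsistent: the `diff --git` line names `a/ext/tk/extconf.rb.orig` while the `---` line names `a/ext/tk/extconf.rb`, so the diff should be regenerated so the two agree.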