Bug#634941: ruby1.9.1: Please update to 1.9.2.290
On 21/07/11 at 14:12 +0900, Nobuhiro Iwamatsu wrote:
> Source: ruby1.9.1
> Version: 1.9.2.180-5
> Severity: wishlist
> Tags: patch
>
> Hi,
>
> 1.9.2.290 was released. However, CVE-2011-0188 is not corrected in this version. And, the patch is necessary so that there is a problem in the check on the library of ext/tk.
>
> I attach patches which revise these problems. Please update to this version with attached patches?

Hi,

We are considering switching directly to 1.9.3 as it's going to be released very soon now. A package was uploaded to experimental. Maybe you are interested in checking if it works for you.

Lucas

--
To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#634941: ruby1.9.1: Please update to 1.9.2.290
Hi,

I see, thanks for your information.

Nobuhiro

2011/7/21 Lucas Nussbaum lu...@lucas-nussbaum.net:
> On 21/07/11 at 14:12 +0900, Nobuhiro Iwamatsu wrote:
>> Source: ruby1.9.1
>> Version: 1.9.2.180-5
>> Severity: wishlist
>> Tags: patch
>>
>> Hi,
>>
>> 1.9.2.290 was released. However, CVE-2011-0188 is not corrected in this version. And, the patch is necessary so that there is a problem in the check on the library of ext/tk.
>>
>> I attach patches which revise these problems. Please update to this version with attached patches?
>
> Hi,
>
> We are considering switching directly to 1.9.3 as it's going to be released very soon now. A package was uploaded to experimental. Maybe you are interested in checking if it works for you.
>
> Lucas

--
Nobuhiro Iwamatsu
iwamatsu at {nigauri.org / debian.org}
GPG ID: 40AD1FA6
Bug#634941: ruby1.9.1: Please update to 1.9.2.290
Source: ruby1.9.1
Version: 1.9.2.180-5
Severity: wishlist
Tags: patch

Hi,

1.9.2.290 was released. However, CVE-2011-0188 is not corrected in this version. And, the patch is necessary so that there is a problem in the check on the library of ext/tk.

I attach patches which revise these problems. Please update to this version with attached patches?

Best regards,
Nobuhiro

--
Nobuhiro Iwamatsu
iwamatsu at {nigauri.org / debian.org}
GPG ID: 40AD1FA6

From f83651ac30c7c776dee8a6a401c654757cb8d1c2 Mon Sep 17 00:00:00 2001 From: mrkn mrkn@b2dd03c8-39d4-4d8f-98ff-823fe69b080e Date: Tue, 1 Mar 2011 04:40:49 + Subject: [PATCH] * ext/bigdecimal/bigdecimal.c (VpMemAlloc): CVE-2011-0188. Fixes a bug reported by Drew Yao ayao at apple.com git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@30993 b2dd03c8-39d4-4d8f-98ff-823fe69b080e --- --- a/ext/bigdecimal/bigdecimal.c 2011-07-21 14:02:50.0 +0900 +++ b/ext/bigdecimal/bigdecimal.c 2011-07-21 14:03:01.0 +0900 @@ -2123,7 +2123,7 @@ VP_EXPORT void * VpMemAlloc(U_LONG mb) { -void *p = xmalloc((unsigned int)mb); +void *p = xmalloc(mb); if(!p) { VpException(VP_EXCEPTION_MEMORY,failed to allocate memory,1); } diff --git a/ext/tk/extconf.rb.orig b/ext/tk/extconf.rb index fed2a30..e9b28cc 100644 --- a/ext/tk/extconf.rb +++ b/ext/tk/extconf.rb @@ -1035,7 +1035,7 @@ def find_tcl(tcllib, stubs, version, *opt_paths) lib = tclstub else func = Tcl_FindExecutable -lib = tcl +lib = tcllib end if version ! version.empty? @@ -1179,7 +1179,7 @@ def find_tk(tklib, stubs, version, *opt_paths) lib = tkstub else func = Tk_Init -lib = tk +lib = tklib end if version ! version.empty?
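
Review bot: In the VpMemAlloc hunk of ext/bigdecimal/bigdecimal.c, the commit message gives only the CVE number and never says what the defect was. Please spell it out: `xmalloc((unsigned int)mb)` narrowed the `U_LONG mb` argument, so on a platform where `unsigned long` is wider than `unsigned int` the allocation could be smaller than the size the caller asked for. With the cast gone, it is also worth checking the rest of the file for other places where a `U_LONG` size is narrowed before it reaches an allocator or a length check, since this hunk covers only this one call.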
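
Review bot: In the first ext/tk/extconf.rb hunk (find_tcl, at -1035), the file headers disagree: the `diff --git` line names `a/ext/tk/extconf.rb.orig` while the `---` line names `a/ext/tk/extconf.rb`. That looks hand-edited and may be rejected or applied to the wrong path; regenerate the diff so both lines name `ext/tk/extconf.rb`. The bigdecimal part has a similar mix (a mail-style header followed by a timestamped `---`/`+++` pair with no `diff --git` line), so regenerating the whole series from one tool would be cleanest.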
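
Review bot: In the second ext/tk/extconf.rb hunk (find_tk, at -1179), and equally in find_tcl, nothing in the patch explains the change: the only commit message is the bigdecimal one. Send the ext/tk change as its own patch with a message saying which library check failed with `lib = tk` and `lib = tcl`, and on what setup. The message should also state whether `tklib` and `tcllib` are always set when the non-stub branch is taken, because the next visible line guards `version` against being empty but nothing visible guards the new `lib` value.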