Public bug reported:
Binary package hint: ruby1.8
Please sync ruby1.8 1.8.7.72-1 (main) from Debian unstable (main).
Ruby 1.8 is the stable (bugfixes-only) branch of ruby. 1.8.7.72 contains fixes
for a number of security issues (in addition to other fixes, of course),
including LP:246818 and LP:261459.
Changelog since current intrepid version 1.8.7.22-1:
ruby1.8 (1.8.7.72-1) unstable; urgency=high
* New upstream release.
- many patches in 1.8.7.22-4 were simply backported from upstream SVN, and
are integrated into that release. We drop those:
+ 103_array_c_r17472_to_r17756.dpatch
+ 810_ruby187p22_fixes.dpatch
+ 811_multiple_vuln_200808.dpatch
- Fixes the following security issues: (Closes: #494401)
* Several vulnerabilities in safe level
* DoS vulnerability in WEBrick
* Lack of taintness check in dl
* DNS spoofing vulnerability in resolv.rb (CVE-2008-1447)
* Applied debian/patches/168_rexml_dos.dpatch:
Fix CVE-2008-3790 (REXML expansion DOS). Closes: #496808.
-- Lucas Nussbaum <[EMAIL PROTECTED]> Wed, 10 Sep 2008 10:27:45 +0200
ruby1.8 (1.8.7.22-4) unstable; urgency=high
* applied debian/patches/811_multiple_vuln_200808:
fixed multiple vulnerabilities issued at
<http://www.ruby-lang.org/en/news/2008/08/08/multiple-vulnerabilities-in-ruby/>
and
<http://www.ruby-lang.org/en/news/2008/08/11/ruby-1-8-7-p72-and-1-8-6-p287-released/>.
- v_1_8_7_32 - untrace_var is permitted at safe level 4
- v_1_8_7_35 - $PROGRAM_NAME may be modified at safe level 4
- v_1_8_7_33 - Insecure methods may be called at safe level 1-3
- v_1_8_7_44 - Syslog operations are permitted at safe level 4
- v_1_8_7_69 - DoS vulnerability in WEBrick
- v_1_8_7_72 - Lack of taintness check in dl
- v_1_8_7_71 - DNS spoofing vulnerability in resolv.rb
-- akira yamada <[EMAIL PROTECTED]> Tue, 12 Aug 2008 09:44:52 +0900
ruby1.8 (1.8.7.22-3) unstable; urgency=medium
* applied debian/patches/810_ruby187p22_fixes.dpatch:
fixed incompatibilities and degrades about Ruby 1.8.7 and 1.8.7-p22.
- v1_8_7_23: incompatibility about class methods.
- v1_8_7_46: cgi.rb shouldn't reject filenames which include spaces.
- v1_8_7_39: self concat of string issue
- v1_8_7_47: respond_to? issue
- v1_8_7_51: Float#to_i gives incorrect sign in x86_64_linux
<http://rubyforge.org/tracker/index.php?func=detail&aid=14102&group_id=426&atid=1698>
- v1_8_7_54: [ruby-core:17491] [Ruby 1.8.7 - Bug #213] (Open) Different
ERB behavior across versions
- v1_8_7_58: IPAddr.new("192.168.1.1").to_range raise an exception
[ruby-dev:35091]
- v1_8_7_59: Zlib::GzipWriter#mtime= sets wrong mtime for Time on 1.8
- v1_8_7_60: XMLRPC::Client#do_rpc should require webrick/cookie.
<http://rubyforge.org/tracker/index.php?func=detail&aid=21139&group_id=426&atid=1698>
-- akira yamada <[EMAIL PROTECTED]> Tue, 22 Jul 2008 11:51:53 +0900
ruby1.8 (1.8.7.22-2) unstable; urgency=low
* applied debian/patches/103_array_c_r17472_to_r17756.dpatch:
- fixed an integer overflow bug.
-- Daigo Moriwaki <[EMAIL PROTECTED]> Thu, 03 Jul 2008 23:49:52 +0900
** Affects: ruby1.8 (Ubuntu)
Importance: Undecided
Status: New
--
Please sync ruby1.8 1.8.7.72-1 (main) from Debian unstable (main).
https://bugs.launchpad.net/bugs/270389