Public bug reported:
Please sync ruby2.0 2.0.0.353-1 (main) from Debian unstable (main)
Explanation of the Ubuntu delta and why it can be dropped:
* SECURITY UPDATE: denial of service and possible code execution via
heap overflow in floating point parsing.
- debian/patches/CVE-2013-4164.patch: check lengths in util.c, added
test to test/ruby/test_float.rb.
- CVE-2013-4164
This CVE was fixed in the new upstream release, as noted in Debian's changelog.
Changelog entries since current trusty version 2.0.0.343-1ubuntu1:
ruby2.0 (2.0.0.353-1) unstable; urgency=low
* New upstream release
+ Includes fix for Heap Overflow in Floating Point Parsing (CVE-2013-4164)
Closes: #730190
-- Antonio Terceiro <[email protected]> Mon, 25 Nov 2013 22:34:25
-0300
** Affects: ruby2.0 (Ubuntu)
Importance: Wishlist
Status: New
** Changed in: ruby2.0 (Ubuntu)
Importance: Undecided => Wishlist
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1257609
Title:
Sync ruby2.0 2.0.0.353-1 (main) from Debian unstable (main)
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/ruby2.0/+bug/1257609/+subscriptions
--
ubuntu-bugs mailing list
[email protected]
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
