[ubuntu/intrepid] ruby1.8 1.8.7.72-1 (Accepted)
Ubuntu Installer
archive at ubuntu.com
Sat Sep 20 02:49:20 BST 2008
ruby1.8 (1.8.7.72-1) unstable; urgency=high
* New upstream release.
- many patches in 1.8.7.22-4 were simply backported from upstream SVN, and
are integrated into that release. We drop those:
+ 103_array_c_r17472_to_r17756.dpatch
+ 810_ruby187p22_fixes.dpatch
+ 811_multiple_vuln_200808.dpatch
- Fixes the following security issues: (Closes: #494401)
* Several vulnerabilities in safe level
* DoS vulnerability in WEBrick
* Lack of taintness check in dl
* DNS spoofing vulnerability in resolv.rb (CVE-2008-1447)
* Applied debian/patches/168_rexml_dos.dpatch:
Fix CVE-2008-3790 (REXML expansion DOS). Closes: #496808.
ruby1.8 (1.8.7.22-4) unstable; urgency=high
* applied debian/patches/811_multiple_vuln_200808:
fixed multiple vulnerabilities issued at
<http://www.ruby-lang.org/en/news/2008/08/08/multiple-vulnerabilities-in-ruby/>
and
<http://www.ruby-lang.org/en/news/2008/08/11/ruby-1-8-7-p72-and-1-8-6-p287-released/>.
- v_1_8_7_32 - untrace_var is permitted at safe level 4
- v_1_8_7_35 - $PROGRAM_NAME may be modified at safe level 4
- v_1_8_7_33 - Insecure methods may be called at safe level 1-3
- v_1_8_7_44 - Syslog operations are permitted at safe level 4
- v_1_8_7_69 - DoS vulnerability in WEBrick
- v_1_8_7_72 - Lack of taintness check in dl
- v_1_8_7_71 - DNS spoofing vulnerability in resolv.rb
ruby1.8 (1.8.7.22-3) unstable; urgency=medium
* applied debian/patches/810_ruby187p22_fixes.dpatch:
fixed incompatibilities and degreades about Ruby 1.8.7 and 1.8.7-p22.
- v1_8_7_23: incompatibility about class methods.
- v1_8_7_46: cgi.rb shouldn't reject filenames which include spaces.
- v1_8_7_39: self concat of string issue
- v1_8_7_47: respond_to? issue
- v1_8_7_51: Float#to_i gives incorrect sign in x86_64_linux
<http://rubyforge.org/tracker/index.php?func=detail&aid=14102&group_id=426&atid=1698>
- v1_8_7_54: [ruby-core:17491] [Ruby 1.8.7 - Bug #213] (Open) Different
ERB behavior across versions
- v1_8_7_58: IPAddr.new("192.168.1.1").to_range raise an exception
[ruby-dev:35091]
- v1_8_7_59: Zlib::GzipWriter#mtime= sets wrong mtime for Time on 1.8
- v1_8_7_60: XMLRPC::Client#do_rpc should require webrick/cookie.
<http://rubyforge.org/tracker/index.php?func=detail&aid=21139&group_id=426&atid=1698>
ruby1.8 (1.8.7.22-2) unstable; urgency=low
* applied debian/patches/103_array_c_r17472_to_r17756.dpatch:
- fixed an integer overflow bug.
Date: Sat, 20 Sep 2008 02:35:37 +0100
Changed-By: Lucas Nussbaum <lucas at lucas-nussbaum.net>
Maintainer: akira yamada <akira at debian.org>
Origin: Debian/unstable
https://launchpad.net/ubuntu/intrepid/+source/ruby1.8/1.8.7.72-1
-------------- next part --------------
Origin: Debian/unstable
Format: 1.7
Date: Sat, 20 Sep 2008 02:35:37 +0100
Source: ruby1.8
Binary: ruby1.8, libruby1.8, libruby1.8-dbg, ruby1.8-dev, libdbm-ruby1.8, libgdbm-ruby1.8, libreadline-ruby1.8, libtcltk-ruby1.8, libopenssl-ruby1.8, ruby1.8-examples, ruby1.8-elisp, ri1.8, rdoc1.8, irb1.8
Architecture: source
Version: 1.8.7.72-1
Distribution: intrepid
Urgency: high
Maintainer: akira yamada <akira at debian.org>
Changed-By: Lucas Nussbaum <lucas at lucas-nussbaum.net>
Description:
ruby1.8 - Interpreter of object-oriented scripting language Ruby 1.8
Closes: 494401 496808
Changes:
ruby1.8 (1.8.7.72-1) unstable; urgency=high
.
* New upstream release.
- many patches in 1.8.7.22-4 were simply backported from upstream SVN, and
are integrated into that release. We drop those:
+ 103_array_c_r17472_to_r17756.dpatch
+ 810_ruby187p22_fixes.dpatch
+ 811_multiple_vuln_200808.dpatch
- Fixes the following security issues: (Closes: #494401)
* Several vulnerabilities in safe level
* DoS vulnerability in WEBrick
* Lack of taintness check in dl
* DNS spoofing vulnerability in resolv.rb (CVE-2008-1447)
* Applied debian/patches/168_rexml_dos.dpatch:
Fix CVE-2008-3790 (REXML expansion DOS). Closes: #496808.
.
ruby1.8 (1.8.7.22-4) unstable; urgency=high
.
* applied debian/patches/811_multiple_vuln_200808:
fixed multiple vulnerabilities issued at
<http://www.ruby-lang.org/en/news/2008/08/08/multiple-vulnerabilities-in-ruby/>
and
<http://www.ruby-lang.org/en/news/2008/08/11/ruby-1-8-7-p72-and-1-8-6-p287-released/>.
- v_1_8_7_32 - untrace_var is permitted at safe level 4
- v_1_8_7_35 - $PROGRAM_NAME may be modified at safe level 4
- v_1_8_7_33 - Insecure methods may be called at safe level 1-3
- v_1_8_7_44 - Syslog operations are permitted at safe level 4
- v_1_8_7_69 - DoS vulnerability in WEBrick
- v_1_8_7_72 - Lack of taintness check in dl
- v_1_8_7_71 - DNS spoofing vulnerability in resolv.rb
.
ruby1.8 (1.8.7.22-3) unstable; urgency=medium
.
* applied debian/patches/810_ruby187p22_fixes.dpatch:
fixed incompatibilities and degreades about Ruby 1.8.7 and 1.8.7-p22.
- v1_8_7_23: incompatibility about class methods.
- v1_8_7_46: cgi.rb shouldn't reject filenames which include spaces.
- v1_8_7_39: self concat of string issue
- v1_8_7_47: respond_to? issue
- v1_8_7_51: Float#to_i gives incorrect sign in x86_64_linux
<http://rubyforge.org/tracker/index.php?func=detail&aid=14102&group_id=426&atid=1698>
- v1_8_7_54: [ruby-core:17491] [Ruby 1.8.7 - Bug #213] (Open) Different
ERB behavior across versions
- v1_8_7_58: IPAddr.new("192.168.1.1").to_range raise an exception
[ruby-dev:35091]
- v1_8_7_59: Zlib::GzipWriter#mtime= sets wrong mtime for Time on 1.8
- v1_8_7_60: XMLRPC::Client#do_rpc should require webrick/cookie.
<http://rubyforge.org/tracker/index.php?func=detail&aid=21139&group_id=426&atid=1698>
.
ruby1.8 (1.8.7.22-2) unstable; urgency=low
.
* applied debian/patches/103_array_c_r17472_to_r17756.dpatch:
- fixed an integer overflow bug.
Files:
46a174440af588410b28bef7ff05dfe3 1617 interpreters optional ruby1.8_1.8.7.72-1.dsc
57f6ef36973a901dc15523e8c167c11d 48378 interpreters optional ruby1.8_1.8.7.72-1.diff.gz
5e5b7189674b3a7f69401284f6a7a36d 4805594 interpreters optional ruby1.8_1.8.7.72.orig.tar.gz
More information about the Intrepid-changes
mailing list