[ubuntu/lucid-security] ruby1.8 1.8.7.249-2ubuntu0.1 (Accepted)

Tyler Hicks tyhicks at canonical.com
Tue Feb 28 02:34:10 UTC 2012


ruby1.8 (1.8.7.249-2ubuntu0.1) lucid-security; urgency=low

  * SECURITY UPDATE: Cross-site scripting via HTTP error responses
    - debian/patches/CVE-2010-0541.patch: Use the ISO-8859-1 character
      set for HTTP error responses. Based on upstream patch.
    - CVE-2010-0541
  * SECURITY UPDATE: Arbitrary code execution and denial of service
    - debian/patches/CVE-2011-0188.patch: Remove cast to prevent memory
      corruption during allocation. Based on upstream patch.
    - CVE-2011-0188
  * SECURITY UPDATE: Arbitrary file deletion due to symlink race
    - debian/patches/CVE-2011-1004.patch: Unlink the symlink rather
      than recursively removing everything underneath the symlink
      destination. Based on upstream patch.
    - CVE-2011-1004
  * SECURITY UPDATE: Safe level bypass
    - debian/patches/CVE-2011-1005.patch: Remove incorrect string taint
      in exception handling methods. Based on upstream patch.
    - CVE-2011-1005
  * SECURITY UPDATE: Predictable random number generation
    - debian/patches/CVE-2011-2686.patch: Reseed the random number
      generator each time a child process is created. Based on upstream
      patch.
    - CVE-2011-2686
  * SECURITY UPDATE: Predictable random number generation
    - debian/patches/CVE-2011-2705.patch: Reseed the random number
      generator with the pid number and the current time to prevent
      predictable random numbers in the case of pid number rollover. Based on
      upstream patch.
    - CVE-2011-2705
  * SECURITY UPDATE: Denial of service via crafted hash table keys
    - debian/patches/CVE-2011-4815.patch: Add randomness to the key hashing
      algorithm to prevent predictable results when inserting objects into a
      hash table. Based on upstream patch.
    - CVE-2011-4815

Date: Tue, 21 Feb 2012 16:28:51 -0600
Changed-By: Tyler Hicks <tyhicks at canonical.com>
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
https://launchpad.net/ubuntu/lucid/+source/ruby1.8/1.8.7.249-2ubuntu0.1
-------------- next part --------------
Format: 1.8
Date: Tue, 21 Feb 2012 16:28:51 -0600
Source: ruby1.8
Binary: ruby1.8 libruby1.8 libruby1.8-dbg ruby1.8-dev libdbm-ruby1.8 libgdbm-ruby1.8 libreadline-ruby1.8 libtcltk-ruby1.8 libopenssl-ruby1.8 ruby1.8-examples ruby1.8-elisp ri1.8 rdoc1.8 irb1.8
Architecture: source
Version: 1.8.7.249-2ubuntu0.1
Distribution: lucid-security
Urgency: low
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
Changed-By: Tyler Hicks <tyhicks at canonical.com>
Description: 
 irb1.8     - Interactive Ruby (for Ruby 1.8)
 libdbm-ruby1.8 - DBM interface for Ruby 1.8
 libgdbm-ruby1.8 - GDBM interface for Ruby 1.8
 libopenssl-ruby1.8 - OpenSSL interface for Ruby 1.8
 libreadline-ruby1.8 - Readline interface for Ruby 1.8
 libruby1.8 - Libraries necessary to run Ruby 1.8
 libruby1.8-dbg - Debugging symbols for Ruby 1.8
 libtcltk-ruby1.8 - Tcl/Tk interface for Ruby 1.8
 rdoc1.8    - Generate documentation from Ruby source files (for Ruby 1.8)
 ri1.8      - Ruby Interactive reference (for Ruby 1.8)
 ruby1.8    - Interpreter of object-oriented scripting language Ruby 1.8
 ruby1.8-dev - Header files for compiling extension modules for the Ruby 1.8
 ruby1.8-elisp - ruby-mode for Emacsen
 ruby1.8-examples - Examples for Ruby 1.8
Changes: 
 ruby1.8 (1.8.7.249-2ubuntu0.1) lucid-security; urgency=low
 .
   * SECURITY UPDATE: Cross-site scripting via HTTP error responses
     - debian/patches/CVE-2010-0541.patch: Use the ISO-8859-1 character
       set for HTTP error responses. Based on upstream patch.
     - CVE-2010-0541
   * SECURITY UPDATE: Arbitrary code execution and denial of service
     - debian/patches/CVE-2011-0188.patch: Remove cast to prevent memory
       corruption during allocation. Based on upstream patch.
     - CVE-2011-0188
   * SECURITY UPDATE: Arbitrary file deletion due to symlink race
     - debian/patches/CVE-2011-1004.patch: Unlink the symlink rather
       than recursively removing everything underneath the symlink
       destination. Based on upstream patch.
     - CVE-2011-1004
   * SECURITY UPDATE: Safe level bypass
     - debian/patches/CVE-2011-1005.patch: Remove incorrect string taint
       in exception handling methods. Based on upstream patch.
     - CVE-2011-1005
   * SECURITY UPDATE: Predictable random number generation
     - debian/patches/CVE-2011-2686.patch: Reseed the random number
       generator each time a child process is created. Based on upstream
       patch.
     - CVE-2011-2686
   * SECURITY UPDATE: Predictable random number generation
     - debian/patches/CVE-2011-2705.patch: Reseed the random number
       generator with the pid number and the current time to prevent
       predictable random numbers in the case of pid number rollover. Based on
       upstream patch.
     - CVE-2011-2705
   * SECURITY UPDATE: Denial of service via crafted hash table keys
     - debian/patches/CVE-2011-4815.patch: Add randomness to the key hashing
       algorithm to prevent predictable results when inserting objects into a
       hash table. Based on upstream patch.
     - CVE-2011-4815
Checksums-Sha1: 
 ed44cbc2532c14d1e4e42b93638a22cb5ae664bf 2358 ruby1.8_1.8.7.249-2ubuntu0.1.dsc
 5cd2c70508a709f6876bd8ac214d21547bd53c04 52665 ruby1.8_1.8.7.249-2ubuntu0.1.diff.gz
Checksums-Sha256: 
 867e47c646861f430f0896f4f5f477cc5cd19d1c0c51f9d9b9c23e3670d333cf 2358 ruby1.8_1.8.7.249-2ubuntu0.1.dsc
 ea450ea5d89a6c2bde311ddbeb5e5e061d691a981b2543bb0c9675dd880675df 52665 ruby1.8_1.8.7.249-2ubuntu0.1.diff.gz
Files: 
 ae5f189a05f2f4d17406e01ec74aa732 2358 ruby optional ruby1.8_1.8.7.249-2ubuntu0.1.dsc
 7d83832094b05ae3e0e2a2699a0c82b3 52665 ruby optional ruby1.8_1.8.7.249-2ubuntu0.1.diff.gz
Original-Maintainer: akira yamada <akira at debian.org>

