[ubuntu/maverick-security] ruby1.8 1.8.7.299-2ubuntu0.1 (Accepted)
Tyler Hicks
tyhicks at canonical.com
Tue Feb 28 02:33:54 UTC 2012
ruby1.8 (1.8.7.299-2ubuntu0.1) maverick-security; urgency=low

  * SECURITY UPDATE: Cross-site scripting via HTTP error responses
    - debian/patches/CVE-2010-0541.patch: Use the ISO-8859-1 character
      set for HTTP error responses. Based on upstream patch.
    - CVE-2010-0541
  * SECURITY UPDATE: Arbitrary code execution and denial of service
    - debian/patches/CVE-2011-0188.patch: Remove cast to prevent memory
      corruption during allocation. Based on upstream patch.
    - CVE-2011-0188
  * SECURITY UPDATE: Arbitrary file deletion due to symlink race
    - debian/patches/CVE-2011-1004.patch: Unlink the symlink rather
      than recursively removing everything underneath the symlink
      destination. Based on upstream patch.
    - CVE-2011-1004
  * SECURITY UPDATE: Safe level bypass
    - debian/patches/CVE-2011-1005.patch: Remove incorrect string taint
      in exception handling methods. Based on upstream patch.
    - CVE-2011-1005
  * SECURITY UPDATE: Predictable random number generation
    - debian/patches/CVE-2011-2686.patch: Reseed the random number
      generator each time a child process is created. Based on upstream
      patch.
    - CVE-2011-2686
  * SECURITY UPDATE: Predictable random number generation
    - debian/patches/CVE-2011-2705.patch: Reseed the random number
      generator with the pid number and the current time to prevent
      predictable random numbers in the case of pid number rollover. Based on
      upstream patch.
    - CVE-2011-2705
  * SECURITY UPDATE: Denial of service via crafted hash table keys
    - debian/patches/CVE-2011-4815.patch: Add randomness to the key hashing
      algorithm to prevent predictable results when inserting objects into a
      hash table. Based on upstream patch.
    - CVE-2011-4815

Date: Tue, 21 Feb 2012 16:28:51 -0600
Changed-By: Tyler Hicks <tyhicks at canonical.com>
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
https://launchpad.net/ubuntu/maverick/+source/ruby1.8/1.8.7.299-2ubuntu0.1
-------------- next part --------------
Format: 1.8
Date: Tue, 21 Feb 2012 16:28:51 -0600
Source: ruby1.8
Binary: ruby1.8 libruby1.8 libruby1.8-dbg ruby1.8-dev libtcltk-ruby1.8 ruby1.8-examples ruby1.8-elisp ri1.8
Architecture: source
Version: 1.8.7.299-2ubuntu0.1
Distribution: maverick-security
Urgency: low
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
Changed-By: Tyler Hicks <tyhicks at canonical.com>
Description:
libruby1.8 - Libraries necessary to run Ruby 1.8
libruby1.8-dbg - Debugging symbols for Ruby 1.8
libtcltk-ruby1.8 - Tcl/Tk interface for Ruby 1.8
ri1.8 - Ruby Interactive reference (for Ruby 1.8)
ruby1.8 - Interpreter of object-oriented scripting language Ruby 1.8
ruby1.8-dev - Header files for compiling extension modules for the Ruby 1.8
ruby1.8-elisp - ruby-mode for Emacsen
ruby1.8-examples - Examples for Ruby 1.8
Changes:
ruby1.8 (1.8.7.299-2ubuntu0.1) maverick-security; urgency=low
.
* SECURITY UPDATE: Cross-site scripting via HTTP error responses
- debian/patches/CVE-2010-0541.patch: Use the ISO-8859-1 character
set for HTTP error responses. Based on upstream patch.
- CVE-2010-0541
* SECURITY UPDATE: Arbitrary code execution and denial of service
- debian/patches/CVE-2011-0188.patch: Remove cast to prevent memory
corruption during allocation. Based on upstream patch.
- CVE-2011-0188
* SECURITY UPDATE: Arbitrary file deletion due to symlink race
- debian/patches/CVE-2011-1004.patch: Unlink the symlink rather
than recursively removing everything underneath the symlink
destination. Based on upstream patch.
- CVE-2011-1004
* SECURITY UPDATE: Safe level bypass
- debian/patches/CVE-2011-1005.patch: Remove incorrect string taint
in exception handling methods. Based on upstream patch.
- CVE-2011-1005
* SECURITY UPDATE: Predictable random number generation
- debian/patches/CVE-2011-2686.patch: Reseed the random number
generator each time a child process is created. Based on upstream
patch.
- CVE-2011-2686
* SECURITY UPDATE: Predictable random number generation
- debian/patches/CVE-2011-2705.patch: Reseed the random number
generator with the pid number and the current time to prevent
predictable random numbers in the case of pid number rollover. Based on
upstream patch.
- CVE-2011-2705
* SECURITY UPDATE: Denial of service via crafted hash table keys
- debian/patches/CVE-2011-4815.patch: Add randomness to the key hashing
algorithm to prevent predictable results when inserting objects into a
hash table. Based on upstream patch.
- CVE-2011-4815
Checksums-Sha1:
9ef98eb5557d8f69a5aa080c682bf20dc1744ccd 2276 ruby1.8_1.8.7.299-2ubuntu0.1.dsc
5fa068266ed7691f05e5c22ca7ad50ad341b7949 52166 ruby1.8_1.8.7.299-2ubuntu0.1.diff.gz
Checksums-Sha256:
96d03f4521d45ebc4a096caa86cb5b0007495b72380eb907890de75ddd3e24d7 2276 ruby1.8_1.8.7.299-2ubuntu0.1.dsc
dc3ba918e4959f86b1c7aaf961f3207372a02b68d0e47b31e641f99dd7127c9a 52166 ruby1.8_1.8.7.299-2ubuntu0.1.diff.gz
Files:
4c1255fee07045ac6d5aef5b2d1dc7b6 2276 ruby optional ruby1.8_1.8.7.299-2ubuntu0.1.dsc
3e3535f5c0a523c5e32cd7eecbe15a83 52166 ruby optional ruby1.8_1.8.7.299-2ubuntu0.1.diff.gz
Original-Maintainer: akira yamada <akira at debian.org>