[ubuntu/natty-security] ruby1.8 1.8.7.302-2ubuntu0.1 (Accepted)
Tyler Hicks
tyhicks at canonical.com
Tue Feb 28 02:33:39 UTC 2012
ruby1.8 (1.8.7.302-2ubuntu0.1) natty-security; urgency=low
* SECURITY UPDATE: Arbitrary code execution and denial of service
- debian/patches/CVE-2011-0188.patch: Remove cast to prevent memory
corruption during allocation. Based on upstream patch.
- CVE-2011-0188
* SECURITY UPDATE: Arbitrary file deletion due to symlink race
- debian/patches/CVE-2011-1004.patch: Unlink the symlink rather
than recursively removing everything underneath the symlink
destination. Based on upstream patch.
- CVE-2011-1004
* SECURITY UPDATE: Safe level bypass
- debian/patches/CVE-2011-1005.patch: Remove incorrect string taint
in exception handling methods. Based on upstream patch.
- CVE-2011-1005
* SECURITY UPDATE: Predictable random number generation
- debian/patches/CVE-2011-2686.patch: Reseed the random number
generator each time a child process is created. Based on upstream
patch.
- CVE-2011-2686
* SECURITY UPDATE: Predicatable random number generation
- debian/patches/CVE-2011-2705.patch: Reseed the random number
generator with the pid number and the current time to prevent
predictable random numbers in the case of pid number rollover. Based on
upstream patch.
- CVE-2011-2705
* SECURITY UPDATE: Denial of service via crafted hash table keys
- debian/patches/CVE-2011-4815.patch: Add randomness to the key hashing
algorithm to prevent predictable results when inserting objects into a
hash table. Based on upstream patch.
- CVE-2011-4815
Date: Tue, 21 Feb 2012 16:28:51 -0600
Changed-By: Tyler Hicks <tyhicks at canonical.com>
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
https://launchpad.net/ubuntu/natty/+source/ruby1.8/1.8.7.302-2ubuntu0.1
-------------- next part --------------
Format: 1.8
Date: Tue, 21 Feb 2012 16:28:51 -0600
Source: ruby1.8
Binary: ruby1.8 libruby1.8 libruby1.8-dbg ruby1.8-dev libtcltk-ruby1.8 ruby1.8-examples ruby1.8-elisp ri1.8
Architecture: source
Version: 1.8.7.302-2ubuntu0.1
Distribution: natty-security
Urgency: low
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
Changed-By: Tyler Hicks <tyhicks at canonical.com>
Description:
libruby1.8 - Libraries necessary to run Ruby 1.8
libruby1.8-dbg - Debugging symbols for Ruby 1.8
libtcltk-ruby1.8 - Tcl/Tk interface for Ruby 1.8
ri1.8 - Ruby Interactive reference (for Ruby 1.8)
ruby1.8 - Interpreter of object-oriented scripting language Ruby 1.8
ruby1.8-dev - Header files for compiling extension modules for the Ruby 1.8
ruby1.8-elisp - ruby-mode for Emacsen
ruby1.8-examples - Examples for Ruby 1.8
Changes:
ruby1.8 (1.8.7.302-2ubuntu0.1) natty-security; urgency=low
.
* SECURITY UPDATE: Arbitrary code execution and denial of service
- debian/patches/CVE-2011-0188.patch: Remove cast to prevent memory
corruption during allocation. Based on upstream patch.
- CVE-2011-0188
* SECURITY UPDATE: Arbitrary file deletion due to symlink race
- debian/patches/CVE-2011-1004.patch: Unlink the symlink rather
than recursively removing everything underneath the symlink
destination. Based on upstream patch.
- CVE-2011-1004
* SECURITY UPDATE: Safe level bypass
- debian/patches/CVE-2011-1005.patch: Remove incorrect string taint
in exception handling methods. Based on upstream patch.
- CVE-2011-1005
* SECURITY UPDATE: Predictable random number generation
- debian/patches/CVE-2011-2686.patch: Reseed the random number
generator each time a child process is created. Based on upstream
patch.
- CVE-2011-2686
* SECURITY UPDATE: Predicatable random number generation
- debian/patches/CVE-2011-2705.patch: Reseed the random number
generator with the pid number and the current time to prevent
predictable random numbers in the case of pid number rollover. Based on
upstream patch.
- CVE-2011-2705
* SECURITY UPDATE: Denial of service via crafted hash table keys
- debian/patches/CVE-2011-4815.patch: Add randomness to the key hashing
algorithm to prevent predictable results when inserting objects into a
hash table. Based on upstream patch.
- CVE-2011-4815
Checksums-Sha1:
0b68b20645131fe6fdfeafb2de91cfcd3e278c02 2276 ruby1.8_1.8.7.302-2ubuntu0.1.dsc
55f18bfe291058f8057a4ea46bdd8d8d5cae42c2 52989 ruby1.8_1.8.7.302-2ubuntu0.1.diff.gz
Checksums-Sha256:
5d9138a18fb81b1c81c57fddca164867511f9ff3433c54e691573ac4c07020f9 2276 ruby1.8_1.8.7.302-2ubuntu0.1.dsc
0893dd5704bd796b26577287023ffc059fb4d32b4beade493313708a50c2beaa 52989 ruby1.8_1.8.7.302-2ubuntu0.1.diff.gz
Files:
01d3fb473da80e386333174007cd506f 2276 ruby optional ruby1.8_1.8.7.302-2ubuntu0.1.dsc
c36d0196330021d8be346a3adfc3baeb 52989 ruby optional ruby1.8_1.8.7.302-2ubuntu0.1.diff.gz
Original-Maintainer: akira yamada <akira at debian.org>
More information about the Natty-changes
mailing list