[ubuntu/natty-security] ruby1.8 1.8.7.302-2ubuntu0.1 (Accepted)

Tyler Hicks tyhicks at canonical.com
Tue Feb 28 02:33:39 UTC 2012 

ruby1.8 (1.8.7.302-2ubuntu0.1) natty-security; urgency=low

  * SECURITY UPDATE: Arbitrary code execution and denial of service
    - debian/patches/CVE-2011-0188.patch: Remove cast to prevent memory
      corruption during allocation. Based on upstream patch.
    - CVE-2011-0188
  * SECURITY UPDATE: Arbitrary file deletion due to symlink race
    - debian/patches/CVE-2011-1004.patch: Unlink the symlink rather
      than recursively removing everything underneath the symlink
      destination. Based on upstream patch.
    - CVE-2011-1004
  * SECURITY UPDATE: Safe level bypass
    - debian/patches/CVE-2011-1005.patch: Remove incorrect string taint
      in exception handling methods. Based on upstream patch.
    - CVE-2011-1005
  * SECURITY UPDATE: Predictable random number generation
    - debian/patches/CVE-2011-2686.patch: Reseed the random number
      generator each time a child process is created. Based on upstream
      patch.
    - CVE-2011-2686
  * SECURITY UPDATE: Predicatable random number generation
    - debian/patches/CVE-2011-2705.patch: Reseed the random number
      generator with the pid number and the current time to prevent
      predictable random numbers in the case of pid number rollover. Based on
      upstream patch.
    - CVE-2011-2705
  * SECURITY UPDATE: Denial of service via crafted hash table keys
    - debian/patches/CVE-2011-4815.patch: Add randomness to the key hashing
      algorithm to prevent predictable results when inserting objects into a
      hash table. Based on upstream patch.
    - CVE-2011-4815

Date: Tue, 21 Feb 2012 16:28:51 -0600
Changed-By: Tyler Hicks <tyhicks at canonical.com>
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
https://launchpad.net/ubuntu/natty/+source/ruby1.8/1.8.7.302-2ubuntu0.1
-------------- next part --------------
Format: 1.8
Date: Tue, 21 Feb 2012 16:28:51 -0600
Source: ruby1.8
Binary: ruby1.8 libruby1.8 libruby1.8-dbg ruby1.8-dev libtcltk-ruby1.8 ruby1.8-examples ruby1.8-elisp ri1.8
Architecture: source
Version: 1.8.7.302-2ubuntu0.1
Distribution: natty-security
Urgency: low
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
Changed-By: Tyler Hicks <tyhicks at canonical.com>
Description: 
 libruby1.8 - Libraries necessary to run Ruby 1.8
 libruby1.8-dbg - Debugging symbols for Ruby 1.8
 libtcltk-ruby1.8 - Tcl/Tk interface for Ruby 1.8
 ri1.8      - Ruby Interactive reference (for Ruby 1.8)
 ruby1.8    - Interpreter of object-oriented scripting language Ruby 1.8
 ruby1.8-dev - Header files for compiling extension modules for the Ruby 1.8
 ruby1.8-elisp - ruby-mode for Emacsen
 ruby1.8-examples - Examples for Ruby 1.8
Changes: 
 ruby1.8 (1.8.7.302-2ubuntu0.1) natty-security; urgency=low
 .
   * SECURITY UPDATE: Arbitrary code execution and denial of service
     - debian/patches/CVE-2011-0188.patch: Remove cast to prevent memory
       corruption during allocation. Based on upstream patch.
     - CVE-2011-0188
   * SECURITY UPDATE: Arbitrary file deletion due to symlink race
     - debian/patches/CVE-2011-1004.patch: Unlink the symlink rather
       than recursively removing everything underneath the symlink
       destination. Based on upstream patch.
     - CVE-2011-1004
   * SECURITY UPDATE: Safe level bypass
     - debian/patches/CVE-2011-1005.patch: Remove incorrect string taint
       in exception handling methods. Based on upstream patch.
     - CVE-2011-1005
   * SECURITY UPDATE: Predictable random number generation
     - debian/patches/CVE-2011-2686.patch: Reseed the random number
       generator each time a child process is created. Based on upstream
       patch.
     - CVE-2011-2686
   * SECURITY UPDATE: Predicatable random number generation
     - debian/patches/CVE-2011-2705.patch: Reseed the random number
       generator with the pid number and the current time to prevent
       predictable random numbers in the case of pid number rollover. Based on
       upstream patch.
     - CVE-2011-2705
   * SECURITY UPDATE: Denial of service via crafted hash table keys
     - debian/patches/CVE-2011-4815.patch: Add randomness to the key hashing
       algorithm to prevent predictable results when inserting objects into a
       hash table. Based on upstream patch.
     - CVE-2011-4815
Checksums-Sha1: 
 0b68b20645131fe6fdfeafb2de91cfcd3e278c02 2276 ruby1.8_1.8.7.302-2ubuntu0.1.dsc
 55f18bfe291058f8057a4ea46bdd8d8d5cae42c2 52989 ruby1.8_1.8.7.302-2ubuntu0.1.diff.gz
Checksums-Sha256: 
 5d9138a18fb81b1c81c57fddca164867511f9ff3433c54e691573ac4c07020f9 2276 ruby1.8_1.8.7.302-2ubuntu0.1.dsc
 0893dd5704bd796b26577287023ffc059fb4d32b4beade493313708a50c2beaa 52989 ruby1.8_1.8.7.302-2ubuntu0.1.diff.gz
Files: 
 01d3fb473da80e386333174007cd506f 2276 ruby optional ruby1.8_1.8.7.302-2ubuntu0.1.dsc
 c36d0196330021d8be346a3adfc3baeb 52989 ruby optional ruby1.8_1.8.7.302-2ubuntu0.1.diff.gz
Original-Maintainer: akira yamada <akira at debian.org>

More information about the Natty-changes mailing list