[ubuntu/precise-security] ruby1.9.1 1.9.3.0-1ubuntu2.2 (Accepted)

Tyler Hicks tyhicks at canonical.com
Wed Sep 26 01:47:16 UTC 2012


ruby1.9.1 (1.9.3.0-1ubuntu2.2) precise-security; urgency=low

  * SECURITY UPDATE: Safe level bypass
    - debian/patches/CVE-2011-1005.patch: Remove incorrect string taint
      in exception handling methods. Based on upstream patch.
    - CVE-2011-1005
  * SECURITY UPDATE: Add proper handling of rubygems SSL connections
    - debian/patches/CVE-2012-2125-2126.patch: Perform certificate
      verification and disallow HTTP->HTTPS redirection. Based on upstream
      patch.
    - CVE-2012-2125
    - CVE-2012-2126
  * debian/control: Add ca-certificates to libruby1.9.1 depends so that
    rubygems can perform certificate verification

Date: 2012-09-24 17:05:14.496601+00:00
Changed-By: Tyler Hicks <tyhicks at canonical.com>
https://launchpad.net/ubuntu/precise/+source/ruby1.9.1/1.9.3.0-1ubuntu2.2
-------------- next part --------------
Sorry, changesfile not available.