[ubuntu/precise-security] ruby1.9.1 (Accepted)

Tyler Hicks tyhicks at canonical.com
Wed Sep 26 01:47:16 UTC 2012

ruby1.9.1 ( precise-security; urgency=low

  * SECURITY UPDATE: Safe level bypass
    - debian/patches/CVE-2011-1005.patch: Remove incorrect string taint
      in exception handling methods. Based on upstream patch.
    - CVE-2011-1005
  * SECURITY UPDATE: Add proper handling of rubygems SSL connections
    - debian/patches/CVE-2012-2125-2126.patch: Perform certificate
      verification and disallow HTTP->HTTPS redirection. Based on upstream
    - CVE-2012-2125
    - CVE-2012-2126
  * debian/control: Add ca-certificates to libruby1.9.1 depends so that
    rubygems can perform certificate verification

Date: 2012-09-24 17:05:14.496601+00:00
Changed-By: Tyler Hicks <tyhicks at canonical.com>
-------------- next part --------------
Sorry, changesfile not available.

More information about the Precise-changes mailing list