[ubuntu/precise-security] ruby1.9.1 1.9.3.0-1ubuntu2.5 (Accepted)
Marc Deslauriers
marc.deslauriers at canonical.com
Thu Feb 21 13:46:13 UTC 2013
ruby1.9.1 (1.9.3.0-1ubuntu2.5) precise-security; urgency=low

  * SECURITY UPDATE: denial of service via hash collisions
    - debian/patches/20121120-cve-2012-5371.diff: replace hash
      implementation in common.mk, random.c, siphash.*, string.c.
    - CVE-2012-5371
  * SECURITY UPDATE: xss in documents generated by rdoc
    - debian/patches/CVE-2013-0256.patch: fix xss in
      lib/rdoc/generator/template/darkfish/js/darkfish.js.
    - CVE-2013-0256
  * SECURITY UPDATE: DoS and unsafe object creation via JSON
    - debian/patches/CVE-2013-0269.patch: fix JSON parsing in
      ext/json/lib/json/add/core.rb, ext/json/lib/json/common.rb,
      ext/json/parser/parser.c, ext/json/parser/parser.rl,
      test/json/test_json.rb, test/json/test_json_addition.rb,
      test/json/test_json_string_matching.rb.
    - CVE-2013-0269
  * Patches taken from Debian 1.9.3.194-7 package.

Date: 2013-02-15 15:40:13.408234+00:00
Changed-By: Marc Deslauriers <marc.deslauriers at canonical.com>
https://launchpad.net/ubuntu/precise/+source/ruby1.9.1/1.9.3.0-1ubuntu2.5
Sorry, changesfile not available.