[ubuntu/quantal-security] ruby1.9.1 1.9.3.194-1ubuntu1.2 (Accepted)
Tyler Hicks
tyhicks at canonical.com
Mon Oct 22 23:31:18 UTC 2012
ruby1.9.1 (1.9.3.194-1ubuntu1.2) quantal-security; urgency=low
* SECURITY UPDATE: Safe level bypass
- debian/patches/20121011-cve_2012_4464-cve_2012_4466.patch: Remove
incorrect string taint in exception handling methods. Based on upstream
patch.
- CVE-2012-4464
- CVE-2012-4466
* SECURITY UPDATE: Missing input sanitization of file paths
- debian/patches/20121016-cve_2012_4522.patch: NUL characters are not
valid filename characters, so ensure that Ruby strings used for file
paths do not contain NUL characters. Based on upstream patch.
- CVE-2012-4522
* debian/patches/20120927-cve_2011_1005.patch: Drop since ruby1.9.x is
technically not affected by CVE-2011-1005. CVE-2012-4464 is the id
assigned to the vulnerability in the ruby1.9.x branch.
Date: 2012-10-16 20:50:14.505362+00:00
Changed-By: Tyler Hicks <tyhicks at canonical.com>
https://launchpad.net/ubuntu/quantal/+source/ruby1.9.1/1.9.3.194-1ubuntu1.2
-------------- next part --------------
Sorry, changesfile not available.
More information about the Quantal-changes
mailing list