[ubuntu/quantal-security] ruby1.9.1 (Accepted)

Tyler Hicks tyhicks at canonical.com
Mon Oct 22 23:31:18 UTC 2012

ruby1.9.1 ( quantal-security; urgency=low

  * SECURITY UPDATE: Safe level bypass
    - debian/patches/20121011-cve_2012_4464-cve_2012_4466.patch: Remove
      incorrect string taint in exception handling methods. Based on upstream
    - CVE-2012-4464
    - CVE-2012-4466
  * SECURITY UPDATE: Missing input sanitization of file paths
    - debian/patches/20121016-cve_2012_4522.patch: NUL characters are not
      valid filename characters, so ensure that Ruby strings used for file
      paths do not contain NUL characters. Based on upstream patch.
    - CVE-2012-4522
  * debian/patches/20120927-cve_2011_1005.patch: Drop since ruby1.9.x is
    technically not affected by CVE-2011-1005. CVE-2012-4464 is the id
    assigned to the vulnerability in the ruby1.9.x branch.

Date: 2012-10-16 20:50:14.505362+00:00
Changed-By: Tyler Hicks <tyhicks at canonical.com>
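
Added example, not part of the changelog or of the Ubuntu or upstream patch: a Ruby regression probe for the CVE-2012-4522 item above, checking that the running interpreter refuses file paths that contain a NUL character. The sample path and the names `c_string_view`, `PROBES` and `probe_nul_rejection` are constructed for illustration.

```ruby
require "tmpdir"

# Constructed sample: a Ruby string with an embedded NUL byte.
NUL_PATH = "report.txt\0.rb"

# What a NUL-terminated C API would receive: the bytes before the first NUL.
# The Ruby string and the OS-level path disagree, which is why such strings
# must be refused before they reach the filesystem layer.
def c_string_view(path)
  path.split("\0", 2).first.to_s
end

# File operations to probe. Each takes a path and would touch the filesystem.
PROBES = {
  "File.open"   => ->(p) { File.open(p, "w") { } },
  "File.read"   => ->(p) { File.read(p) },
  "File.stat"   => ->(p) { File.stat(p) },
  "File.exist?" => ->(p) { File.exist?(p) },
  "File.unlink" => ->(p) { File.unlink(p) },
}

# Returns { api_name => :rejected | :accepted } for the running interpreter.
# :rejected means Ruby raised ArgumentError before calling into the OS.
def probe_nul_rejection(path = NUL_PATH)
  Dir.mktmpdir do |dir|
    # Plain concatenation, so the probed APIs see the NUL themselves.
    full = "#{dir}/#{path}"
    PROBES.each_with_object({}) do |(name, op), out|
      begin
        op.call(full)
        out[name] = :accepted
      rescue ArgumentError
        out[name] = :rejected
      rescue SystemCallError
        # The call reached the OS with a truncated path: NUL was not caught.
        out[name] = :accepted
      end
    end
  end
end

if $PROGRAM_NAME == __FILE__
  puts "C-level view of sample path: #{c_string_view(NUL_PATH).inspect}"
  probe_nul_rejection.each { |api, result| puts "#{api}: #{result}" }
end
```

Any `accepted` line in the output means that API passed a NUL-containing path through to the operating system on the interpreter under test.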