[ubuntu/quantal-updates] ruby1.9.1 1.9.3.194-1ubuntu1.2 (Accepted)

Ubuntu Archive Robot cjwatson+ubuntu-archive-robot at chiark.greenend.org.uk
Mon Oct 22 23:58:18 UTC 2012


ruby1.9.1 (1.9.3.194-1ubuntu1.2) quantal-security; urgency=low

  * SECURITY UPDATE: Safe level bypass
    - debian/patches/20121011-cve_2012_4464-cve_2012_4466.patch: Remove
      incorrect string taint in exception handling methods. Based on upstream
      patch.
    - CVE-2012-4464
    - CVE-2012-4466
  * SECURITY UPDATE: Missing input sanitization of file paths
    - debian/patches/20121016-cve_2012_4522.patch: NUL characters are not
      valid filename characters, so ensure that Ruby strings used for file
      paths do not contain NUL characters. Based on upstream patch.
    - CVE-2012-4522
  * debian/patches/20120927-cve_2011_1005.patch: Drop since ruby1.9.x is
    technically not affected by CVE-2011-1005. CVE-2012-4464 is the id
    assigned to the vulnerability in the ruby1.9.x branch.

Date: 2012-10-16 20:50:14.505362+00:00
Changed-By: Tyler Hicks <tyhicks at canonical.com>
Signed-By: Ubuntu Archive Robot <cjwatson+ubuntu-archive-robot at chiark.greenend.org.uk>
https://launchpad.net/ubuntu/quantal/+source/ruby1.9.1/1.9.3.194-1ubuntu1.2
-------------- next part --------------
Sorry, changesfile not available.


More information about the Quantal-changes mailing list