[ubuntu/quantal-security] ruby1.9.1 (Accepted)

Marc Deslauriers marc.deslauriers at canonical.com
Thu Feb 21 13:46:16 UTC 2013

ruby1.9.1 ( quantal-security; urgency=low

  * SECURITY UPDATE: denial of service via hash collisions
    - debian/patches/20121120-cve-2012-5371.diff: replace hash
      implementation in common.mk, random.c, siphash.*, string.c.
    - CVE-2012-5371
  * SECURITY UPDATE: xss in documents generated by rdoc
    - debian/patches/CVE-2013-0256.patch: fix xss in
    - CVE-2013-0256
  * SECURITY UPDATE: DoS and unsafe object creation via JSON
    - debian/patches/CVE-2013-0269.patch: fix JSON parsing in
      ext/json/lib/json/add/core.rb, ext/json/lib/json/common.rb,
      ext/json/parser/parser.c, ext/json/parser/parser.rl,
      test/json/test_json.rb, test/json/test_json_addition.rb,
    - CVE-2013-0269
  * Patches taken from Debian package.

Date: 2013-02-15 16:00:16.058516+00:00
Changed-By: Marc Deslauriers <marc.deslauriers at canonical.com>