[ubuntu/raring-proposed] ruby1.9.1 1.9.3.194-7ubuntu1 (Accepted)

Tyler Hicks tyhicks at canonical.com
Fri Feb 22 19:16:33 UTC 2013


ruby1.9.1 (1.9.3.194-7ubuntu1) raring; urgency=low

  * Merge from Debian testing (LP: #1131493). Remaining changes:
    - debian/control: Add ca-certificates to libruby1.9.1 depends so that
      rubygems can perform certificate verification
    - debian/rules: Don't install SSL certificates from upstream sources
    - debian/patches/20120927-rubygems_disable_upstream_certs.patch: Use
      /etc/ssl/certs/ca-certificates.crt for the trusted CA certificates.
  * Changes dropped:
    - debian/patches/20121016-cve_2012_4522.patch: Debian is carrying a patch
      for this issue.
    - debian/patches/20121011-cve_2012_4464-cve_2012_4466.patch: Debian is
      carrying a patch for this issue, but the patch is incorrectly named
      20120927-cve_2011_1005.patch. I'll work with Debian to change the patch
      name, but there's no need in carrying a delta because of this. To be
      clear, the Ubuntu ruby1.9.1 package is patched for CVE-2012-4464 and
      CVE-2012-4466, despite the incorrect patch name.
  * debian/patches/CVE-2012-4522.patch: Adjust patch to fix build test error.
    Use the version of the fix from upstream's 1.9.3 tree to fix the
    NoMethodError for assert_file_not, which doesn't exist in 1.9.3. Adjust
    the Origin patch tag accordingly.

ruby1.9.1 (1.9.3.194-7) unstable; urgency=high

  * debian/patches/CVE-2013-0269.patch: fix possible denial of service and
    unsafe object creation vulnerability in JSON (Closes: #700471)

ruby1.9.1 (1.9.3.194-6) unstable; urgency=high

  [Nobuhiro Iwamatsu]
  * debian/patches/CVE-2013-0256.patch: fix possible cross site scripting
    vulnerability in documentation generated by RDOC (Closes: #699929)

ruby1.9.1 (1.9.3.194-5) unstable; urgency=high

  * Disable running the test suite during the build on sparc again. Keeping
    urgency=high because the previous release, which contains a security bug
    fix, did not reach testing yet because of a segfault when running tests in
    the sparc buildd.

ruby1.9.1 (1.9.3.194-4) unstable; urgency=high

  [ James Healy ]
  * debian/patches/CVE-2012-5371.patch: avoid DOS vulnerability in hash
    implementation, this fixes CVE-2012-5371. (Closes: #693024).

ruby1.9.1 (1.9.3.194-3) unstable; urgency=high

  * debian/patches/CVE-2012-4522.patch: avoid vulnerability with strings
    containing NUL bytes passed to file creation methods. This fixes
    CVE-2012-4522 (Closes: #690670).

ruby1.9.1 (1.9.3.194-2) unstable; urgency=low

  * debian/patches/20120927-cve_2011_1005.patch: patch sent by upstream;
    fixes CVE-2011-1005 which was thought of as not affecting the Ruby 1.9.x
    series (Closes: #689075). Thanks to Tyler Hicks <tyhicks at canonical.com>
    for reporting the issue.

Date: Thu, 21 Feb 2013 17:11:23 -0800
Changed-By: Tyler Hicks <tyhicks at canonical.com>
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
Signed-By: Marc Deslauriers <marc.deslauriers at canonical.com>
https://launchpad.net/ubuntu/raring/+source/ruby1.9.1/1.9.3.194-7ubuntu1
-------------- next part --------------
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Thu, 21 Feb 2013 17:11:23 -0800
Source: ruby1.9.1
Binary: ruby1.9.1 libruby1.9.1 libruby1.9.1-dbg ruby1.9.1-dev libtcltk-ruby1.9.1 ruby1.9.1-examples ri1.9.1 ruby1.9.1-full ruby1.9.3
Architecture: source
Version: 1.9.3.194-7ubuntu1
Distribution: raring
Urgency: high
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
Changed-By: Tyler Hicks <tyhicks at canonical.com>
Description: 
 libruby1.9.1 - Libraries necessary to run Ruby 1.9.1
 libruby1.9.1-dbg - Debugging symbols for Ruby 1.9.1
 libtcltk-ruby1.9.1 - Tcl/Tk interface for Ruby 1.9.1
 ri1.9.1    - Ruby Interactive reference (for Ruby 1.9.1)
 ruby1.9.1  - Interpreter of object-oriented scripting language Ruby
 ruby1.9.1-dev - Header files for compiling extension modules for the Ruby 1.9.1
 ruby1.9.1-examples - Examples for Ruby 1.9
 ruby1.9.1-full - Ruby 1.9.1 full installation
 ruby1.9.3  - Interpreter of object-oriented scripting language Ruby, version 1
Closes: 689075 690670 693024 699929 700471
Launchpad-Bugs-Fixed: 1131493
Checksums-Sha1: 
 59a84640c960db7c1ea9d38637dfeb235bca5b40 2741 ruby1.9.1_1.9.3.194-7ubuntu1.dsc
 31cf6bd981e4c929e5dc3bbdb341833eab1bd9f2 12432239 ruby1.9.1_1.9.3.194.orig.tar.gz
 916845120ed873870b0ca8b885e470a24beb9582 63069 ruby1.9.1_1.9.3.194-7ubuntu1.debian.tar.gz
Checksums-Sha256: 
 1a063ec5ed78a2c91a8bfdac4655dd74917628097d3b6c8c9d7494510fa8fa8e 2741 ruby1.9.1_1.9.3.194-7ubuntu1.dsc
 46e2fa80be7efed51bd9cdc529d1fe22ebc7567ee0f91db4ab855438cf4bd8bb 12432239 ruby1.9.1_1.9.3.194.orig.tar.gz
 f0aace5a1de6b782ff20f6f148b2ba85f64485c7509023f5cda1544c8ba8ac0b 63069 ruby1.9.1_1.9.3.194-7ubuntu1.debian.tar.gz
Files: 
 1d848cb12ff26049ecd6681c1c3cebe4 2741 ruby optional ruby1.9.1_1.9.3.194-7ubuntu1.dsc
 bc0c715c69da4d1d8bd57069c19f6c0e 12432239 ruby optional ruby1.9.1_1.9.3.194.orig.tar.gz
 1708149d3ba2461cf9c8647c6dceddf6 63069 ruby optional ruby1.9.1_1.9.3.194-7ubuntu1.debian.tar.gz
Original-Maintainer: akira yamada <akira at debian.org>
