[ubuntu/raring-proposed] ruby1.8 1.8.7.358-7ubuntu1 (Accepted)

Colin Watson cjwatson at ubuntu.com
Tue Mar 19 14:00:14 UTC 2013 

ruby1.8 (1.8.7.358-7ubuntu1) raring; urgency=low

  * Resynchronise with Debian.  Remaining changes:
    - Fix safe level bypass (CVE-2012-4466).
    - Build using the default GCC again, and -fno-optimize-sibling-calls.
  * Handle multiarch Tcl/Tk.
  * Build with -fno-tree-dce.  This fixes the ruby-ffi build.

ruby1.8 (1.8.7.358-7) unstable; urgency=high

  [ Salvatore Bonaccorso ]
  * Add CVE-2013-1821.patch patch.
    CVE-2013-1821: Fix entity expansion DoS vulnerability in REXML. When
    reading text nodes from an XML document, the REXML parser could be
    coerced into allocating extremely large string objects which could
    consume all available memory on the system. (Closes: #702526)

  [ Lucas Nussbaum ]
  * Reviewed and tested Salvatore's patch.

Date: Tue, 19 Mar 2013 13:40:19 +0000
Changed-By: Colin Watson <cjwatson at ubuntu.com>
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
https://launchpad.net/ubuntu/raring/+source/ruby1.8/1.8.7.358-7ubuntu1
-------------- next part --------------
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Format: 1.8
Date: Tue, 19 Mar 2013 13:40:19 +0000
Source: ruby1.8
Binary: ruby1.8 libruby1.8 libruby1.8-dbg ruby1.8-dev libtcltk-ruby1.8 ruby1.8-examples ri1.8 ruby1.8-full
Architecture: source
Version: 1.8.7.358-7ubuntu1
Distribution: raring
Urgency: high
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
Changed-By: Colin Watson <cjwatson at ubuntu.com>
Description: 
 libruby1.8 - Libraries necessary to run Ruby 1.8
 libruby1.8-dbg - Debugging symbols for Ruby 1.8
 libtcltk-ruby1.8 - Tcl/Tk interface for Ruby 1.8
 ri1.8      - Ruby Interactive reference (for Ruby 1.8)
 ruby1.8    - Interpreter of object-oriented scripting language Ruby 1.8
 ruby1.8-dev - Header files for compiling extension modules for the Ruby 1.8
 ruby1.8-examples - Examples for Ruby 1.8
 ruby1.8-full - Ruby 1.8 full installation
Closes: 702526
Changes: 
 ruby1.8 (1.8.7.358-7ubuntu1) raring; urgency=low
 .
   * Resynchronise with Debian.  Remaining changes:
     - Fix safe level bypass (CVE-2012-4466).
     - Build using the default GCC again, and -fno-optimize-sibling-calls.
   * Handle multiarch Tcl/Tk.
   * Build with -fno-tree-dce.  This fixes the ruby-ffi build.
 .
 ruby1.8 (1.8.7.358-7) unstable; urgency=high
 .
   [ Salvatore Bonaccorso ]
   * Add CVE-2013-1821.patch patch.
     CVE-2013-1821: Fix entity expansion DoS vulnerability in REXML. When
     reading text nodes from an XML document, the REXML parser could be
     coerced into allocating extremely large string objects which could
     consume all available memory on the system. (Closes: #702526)
 .
   [ Lucas Nussbaum ]
   * Reviewed and tested Salvatore's patch.
Checksums-Sha1: 
 0d5cbe82d2b1ec9193154d16824fdeb11e0ec7a5 2682 ruby1.8_1.8.7.358-7ubuntu1.dsc
 4c93a23211932538a8c2353978acfe1b9c3f8a06 60175 ruby1.8_1.8.7.358-7ubuntu1.debian.tar.gz
Checksums-Sha256: 
 5c15055f6f05a106de82f9beb3c4a901173c1c3eafb21306b7c38ea4ee8d788c 2682 ruby1.8_1.8.7.358-7ubuntu1.dsc
 d6ec7afdf47174a42b5daaa5c3bc50b072b1e6e63e19a53a51c8dc0db4e6de31 60175 ruby1.8_1.8.7.358-7ubuntu1.debian.tar.gz
Files: 
 eff779e1d70a8f35b152e9a6d2f2fbbf 2682 ruby optional ruby1.8_1.8.7.358-7ubuntu1.dsc
 2e852570923c69d526b1ad99a98cca09 60175 ruby optional ruby1.8_1.8.7.358-7ubuntu1.debian.tar.gz
Original-Maintainer: akira yamada <akira at debian.org>

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)
Comment: Colin Watson <cjwatson at debian.org> -- Debian developer

iQIVAwUBUUhvKDk1h9l9hlALAQhfkhAAuDCsgLwLd3cMqVP522YrneW/QGSPNqYn
5iejd1nupIcoHHUpeAWkBISiuvg+sweGrQQJCByAPOY/WHk/AczNC54SXMhWzOIh
4Xn7gk1YhSc6c8Jxs5tdihozs/v17e1AmaJKgUmn/RN3olSDAWHy1mgeLbcQX5gC
KxcHD0kfkp525s0LVtg57TJQ6yyVKsvFLA2+SUV0b3K4oEPHveRN3tyPx4BqQNt6
/UBxuaYi2fXI1BSmx47stYa1BlheDbKCN0s/n6CyrRG7raZFQiASej1kwJMsgr1y
KwGKKcL6xfiCtlIm3PE+IoT+aZiMm2X605sdjAnXSB8p+QjCsbbpa4hu5zdsxEsO
IU2rN+8AEX+WOBN6j+eqAho6YJah6YOdaSoUBfb5eWwR+zUkPqClWyh5F3YzwfVE
K6knTGZIVc69x4ImG0QSl+TWSNGCGWPjNwiU1zMjZ37uwZmahA9Ck82ho4+po4/v
NjpIdPlzWfENVEkt9dUFc4JhkaplmqTvMD4rOQicfbX1ZRABf4cilm6Vo3iTnBrd
gAt2y9LesAN8mmwVJgAJENsPlCBy+xPCBpaugm6LhKXYATcT4gAUL9anE0WEniMT
tDgP58iuaeG3Z98Of9PwMSD0507ftz0pnHqMqFOiS/UnoU0FPyvDU+BhOdT8pEss
NG/0OhgZcUM=
=oAZe
-----END PGP SIGNATURE-----

More information about the Raring-changes mailing list