[Bug 281456] [NEW] Please sync ruby1.9 1.9.0.2-7 (main) from Debian unstable (main).

Jamie Strandboge jamie at ubuntu.com
Fri Oct 10 21:51:22 BST 2008


Public bug reported:

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

 affects ubuntu/ruby1.9
 status confirmed
 importance wishlist
 subscribe ubuntu-archive

Please sync ruby1.9 1.9.0.2-7 (main) from Debian unstable (main).

Changelog since current intrepid version 1.9.0.2-5:

ruby1.9 (1.9.0.2-7) unstable; urgency=low

  * debian/rules: Fixed an FTBFS on hurd-i386: failure of
    cat /proc/cpuinfo no longer stops the build process.
    (Closes: #497737)

 -- Daigo Moriwaki <daigo at debian.org>  Fri, 05 Sep 2008 12:07:57 +0900

ruby1.9 (1.9.0.2-6) unstable; urgency=low

  * Added patches under debian/patches which were backported from the
    upstream and fixed multiple vulnerabilities: 
    - 301_dns_spoofing_r18424.dpatch: fixed DNS spoofing vulnerability 
      in resolv.rb. (CVE-2008-1447)
    - 302_r18220_webrick_DoS.dpatch: fixed DoS vulnerability in WEBrick.
    - 303_r17726_syslog_safeleve4.dpatch: syslog operations should be 
      protected from $SAFE level 4.
    - 304_r17577_trace_var_safeleve4.dpatch: rb_f_trace_var should not
      be allowed at safe level 4.
    - 305_r18496_dl_tain.dpatch: dl doesn't check taintness, so it could 
      allow attackers to call dangerous functions.
    - 306_r17586_methods_called_safelevel13.dpatch: Insecure methods may 
      be called at safe level 1-3.
      (Closes: #494402)
    - 307_r19033_rexml_DoS.dpatch: fixed DoS vulnerability in REXML.
      (CVE-2008-3790) (Closes: #497610)

 -- Daigo Moriwaki <daigo at debian.org>  Tue, 02 Sep 2008 22:11:34 -0400


-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)

iD8DBQFI78BFW0JvuRdL8BoRAkONAJ4pumTP4hzpSpJSjAC7mECHoVg+0ACfetre
aAdMmM9FghNGxhHBZDQizpw=
=I6nz
-----END PGP SIGNATURE-----

** Affects: ruby1.9 (Ubuntu)
     Importance: Wishlist
         Status: Confirmed

-- 
Please sync ruby1.9 1.9.0.2-7 (main) from Debian unstable (main).
https://bugs.launchpad.net/bugs/281456
You received this bug notification because you are a member of Ubuntu
Package Archive Administrators, which is a direct subscriber.


