[ubuntu/vivid-proposed] ruby2.1 2.1.2-2ubuntu2 (Accepted)
Marc Deslauriers
marc.deslauriers at ubuntu.com
Wed Nov 5 14:45:17 UTC 2014
ruby2.1 (2.1.2-2ubuntu2) vivid; urgency=medium

  * SECURITY UPDATE: denial of service via buffer overrun in encodes
    function
    - debian/patches/CVE-2014x-4975.patch: properly calculate buffer size
      in pack.c, added test to test/ruby/test_pack.rb.
    - CVE-2014-4975
  * SECURITY UPDATE: denial of service via XML expansion
    - debian/patches/CVE-2014-8080.patch: limit expansions in
      lib/rexml/entity.rb, added tests to test/rexml/test_document.rb,
      test/rexml/test_entity.rb.
    - CVE-2014-8080
Date: Tue, 04 Nov 2014 14:50:11 -0500
Changed-By: Marc Deslauriers <marc.deslauriers at ubuntu.com>
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
https://launchpad.net/ubuntu/vivid/+source/ruby2.1/2.1.2-2ubuntu2
Format: 1.8
Source: ruby2.1
Binary: ruby2.1 libruby2.1 ruby2.1-dev ruby2.1-doc
Architecture: source
Version: 2.1.2-2ubuntu2
Distribution: vivid
Urgency: medium
Description:
libruby2.1 - Libraries necessary to run Ruby 2.1
ruby2.1 - Interpreter of object-oriented scripting language Ruby
ruby2.1-dev - Header files for compiling extension modules for the Ruby 2.1
ruby2.1-doc - Documentation for Ruby 2.1
Original-Maintainer: Antonio Terceiro <terceiro at debian.org>