[ubuntu/vivid-proposed] ruby2.1 2.1.2-2ubuntu2 (Accepted)

Marc Deslauriers marc.deslauriers at ubuntu.com
Wed Nov 5 14:45:17 UTC 2014


ruby2.1 (2.1.2-2ubuntu2) vivid; urgency=medium

  * SECURITY UPDATE: denial of service via buffer overrun in encodes
    function
    - debian/patches/CVE-2014x-4975.patch: properly calculate buffer size
      in pack.c, added test to test/ruby/test_pack.rb.
    - CVE-2014-4975
  * SECURITY UPDATE: denial of service via XML expansion
    - debian/patches/CVE-2014-8080.patch: limit expansions in
      lib/rexml/entity.rb, added tests to test/rexml/test_document.rb,
      test/rexml/test_entity.rb.
    - CVE-2014-8080

Date: Tue, 04 Nov 2014 14:50:11 -0500
Changed-By: Marc Deslauriers <marc.deslauriers at ubuntu.com>
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
https://launchpad.net/ubuntu/vivid/+source/ruby2.1/2.1.2-2ubuntu2
-------------- next part --------------
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Tue, 04 Nov 2014 14:50:11 -0500
Source: ruby2.1
Binary: ruby2.1 libruby2.1 ruby2.1-dev ruby2.1-doc
Architecture: source
Version: 2.1.2-2ubuntu2
Distribution: vivid
Urgency: medium
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
Changed-By: Marc Deslauriers <marc.deslauriers at ubuntu.com>
Description:
 libruby2.1 - Libraries necessary to run Ruby 2.1
 ruby2.1    - Interpreter of object-oriented scripting language Ruby
 ruby2.1-dev - Header files for compiling extension modules for the Ruby 2.1
 ruby2.1-doc - Documentation for Ruby 2.1
Changes:
 ruby2.1 (2.1.2-2ubuntu2) vivid; urgency=medium
 .
   * SECURITY UPDATE: denial of service via buffer overrun in encodes
     function
     - debian/patches/CVE-2014x-4975.patch: properly calculate buffer size
       in pack.c, added test to test/ruby/test_pack.rb.
     - CVE-2014-4975
   * SECURITY UPDATE: denial of service via XML expansion
     - debian/patches/CVE-2014-8080.patch: limit expansions in
       lib/rexml/entity.rb, added tests to test/rexml/test_document.rb,
       test/rexml/test_entity.rb.
     - CVE-2014-8080
Checksums-Sha1:
 eb7c3827282e1d8e403daf502376c224ae497376 2452 ruby2.1_2.1.2-2ubuntu2.dsc
 29e0307df681eb62dc84610acb7167c8dba617fc 81516 ruby2.1_2.1.2-2ubuntu2.debian.tar.xz
Checksums-Sha256:
 21a42810e14058da7bcc62a6c5bfed45226bc024da82fd4f4449b2110d618f15 2452 ruby2.1_2.1.2-2ubuntu2.dsc
 a18ab0a7d5b884d886d9915b5134c499ad4963a1a78d56efc9e4a6486e10766b 81516 ruby2.1_2.1.2-2ubuntu2.debian.tar.xz
Files:
 e716ae6eca33982508820ed042dce0f5 2452 ruby extra ruby2.1_2.1.2-2ubuntu2.dsc
 208bbad711b3dc94b29ac7675a9e576b 81516 ruby extra ruby2.1_2.1.2-2ubuntu2.debian.tar.xz
Original-Maintainer: Antonio Terceiro <terceiro at debian.org>

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
-----END PGP SIGNATURE-----

