[ubuntu/vivid-proposed] ruby2.0 2.0.0.484+really457-3ubuntu2 (Accepted)
Marc Deslauriers
marc.deslauriers at ubuntu.com
Wed Nov 5 14:45:21 UTC 2014
ruby2.0 (2.0.0.484+really457-3ubuntu2) vivid; urgency=medium

  * SECURITY UPDATE: denial of service via buffer overrun in encodes
    function
    - debian/patches/CVE-2014x-4975.patch: properly calculate buffer size
      in pack.c, added test to test/ruby/test_pack.rb.
    - CVE-2014-4975
  * SECURITY UPDATE: denial of service via XML expansion
    - debian/patches/CVE-2014-8080.patch: limit expansions in
      lib/rexml/entity.rb, added tests to test/rexml/test_document.rb,
      test/rexml/test_entity.rb.
    - CVE-2014-8080

Date: Tue, 04 Nov 2014 14:49:17 -0500
Changed-By: Marc Deslauriers <marc.deslauriers at ubuntu.com>
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
https://launchpad.net/ubuntu/vivid/+source/ruby2.0/2.0.0.484+really457-3ubuntu2
-------------- next part --------------
Format: 1.8
Date: Tue, 04 Nov 2014 14:49:17 -0500
Source: ruby2.0
Binary: ruby2.0 libruby2.0 ruby2.0-dev ruby2.0-doc
Architecture: source
Version: 2.0.0.484+really457-3ubuntu2
Distribution: vivid
Urgency: medium
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
Changed-By: Marc Deslauriers <marc.deslauriers at ubuntu.com>
Description:
 libruby2.0 - Libraries necessary to run Ruby 2.0
 ruby2.0 - Interpreter of object-oriented scripting language Ruby
 ruby2.0-dev - Header files for compiling extension modules for the Ruby 2.0
 ruby2.0-doc - Documentation for Ruby 2.0
Changes:
 ruby2.0 (2.0.0.484+really457-3ubuntu2) vivid; urgency=medium
 .
   * SECURITY UPDATE: denial of service via buffer overrun in encodes
     function
     - debian/patches/CVE-2014x-4975.patch: properly calculate buffer size
       in pack.c, added test to test/ruby/test_pack.rb.
     - CVE-2014-4975
   * SECURITY UPDATE: denial of service via XML expansion
     - debian/patches/CVE-2014-8080.patch: limit expansions in
       lib/rexml/entity.rb, added tests to test/rexml/test_document.rb,
       test/rexml/test_entity.rb.
     - CVE-2014-8080
Original-Maintainer: Antonio Terceiro <terceiro at debian.org>