Change log for ruby1.8 package in Ubuntu
| 1 → 75 of 108 results | First • Previous • Next • Last |
ruby1.8 (1.8.7.352-2ubuntu1.6) precise-security; urgency=medium
* SECURITY UPDATE: denial of service via XML expansion
- debian/patches/CVE-2014-8090.patch: add REXML::Document#document
to lib/rexml/document.rb, add warning to lib/rexml/entity.rb, added
tests to test/rexml/test_document.rb.
- CVE-2014-8090
-- Marc Deslauriers <email address hidden> Wed, 19 Nov 2014 15:39:16 -0500
Available diffs
ruby1.8 (1.8.7.352-2ubuntu1.5) precise-security; urgency=medium
* SECURITY UPDATE: denial of service via XML expansion
- debian/patches/CVE-2014-8080.patch: limit expansions in
lib/rexml/entity.rb, added tests to test/rexml/test_document.rb.
- CVE-2014-8080
-- Marc Deslauriers <email address hidden> Fri, 31 Oct 2014 13:13:25 -0400
Available diffs
| Deleted in trusty-release (Reason: lp: #1303358, remove the ruby1.8 itself) |
| Deleted in trusty-proposed (Reason: moved to release) |
ruby1.8 (1.8.7.358-10ubuntu1) trusty; urgency=medium
* Merge with Debian; remaining changes:
- Build-depend on tcl8.5-dev and tk8.5-dev, ruby is not yet ready
for Tcl/Tk 8.6.
- Fix safe level bypass (CVE-2012-4466).
- Build using the default GCC again, and -fno-optimize-sibling-calls.
- Handle multiarch Tcl/Tk.
- Build with -fno-tree-dce. This fixes the ruby-ffi build.
Available diffs
ruby1.8 (1.8.7.358-8ubuntu3) trusty; urgency=medium
* Build-depend on tcl8.5-dev and tk8.5-dev, ruby is not yet ready
for Tcl/Tk 8.6.
-- Matthias Klose <email address hidden> Sat, 04 Jan 2014 18:41:47 +0100
Available diffs
ruby1.8 (1.8.7.352-2ubuntu1.4) precise-security; urgency=low
* SECURITY UPDATE: denial of service and possible code execution via
heap overflow in floating point parsing.
- debian/patches/CVE-2013-4164.patch: check lengths in util.c.
- CVE-2013-4164
-- Marc Deslauriers <email address hidden> Tue, 26 Nov 2013 09:09:41 -0500
Available diffs
ruby1.8 (1.8.7.358-4ubuntu0.4) quantal-security; urgency=low
* SECURITY UPDATE: denial of service and possible code execution via
heap overflow in floating point parsing.
- debian/patches/CVE-2013-4164.patch: check lengths in util.c.
- CVE-2013-4164
-- Marc Deslauriers <email address hidden> Tue, 26 Nov 2013 09:08:25 -0500
Available diffs
ruby1.8 (1.8.7.358-7ubuntu1.2) raring-security; urgency=low
* SECURITY UPDATE: denial of service and possible code execution via
heap overflow in floating point parsing.
- debian/patches/CVE-2013-4164.patch: check lengths in util.c.
- CVE-2013-4164
-- Marc Deslauriers <email address hidden> Tue, 26 Nov 2013 09:07:23 -0500
Available diffs
ruby1.8 (1.8.7.358-7ubuntu2.1) saucy-security; urgency=low
* SECURITY UPDATE: denial of service and possible code execution via
heap overflow in floating point parsing.
- debian/patches/CVE-2013-4164.patch: check lengths in util.c.
- CVE-2013-4164
-- Marc Deslauriers <email address hidden> Tue, 26 Nov 2013 08:47:29 -0500
Available diffs
| Superseded in trusty-release |
| Superseded in trusty-release |
| Deleted in trusty-proposed (Reason: moved to release) |
ruby1.8 (1.8.7.358-8ubuntu2) trusty; urgency=low
* SECURITY UPDATE: denial of service and possible code execution via
heap overflow in floating point parsing.
- debian/patches/CVE-2013-4164.patch: check lengths in util.c, added
test to test/ruby/test_float.rb.
- CVE-2013-4164
-- Marc Deslauriers <email address hidden> Tue, 26 Nov 2013 08:49:40 -0500
Available diffs
ruby1.8 (1.8.7.358-8ubuntu1) trusty; urgency=low
* Resynchronise with Debian. Remaining changes:
- Fix safe level bypass (CVE-2012-4466).
- Build using the default GCC again, and -fno-optimize-sibling-calls.
- Handle multiarch Tcl/Tk.
- Build with -fno-tree-dce. This fixes the ruby-ffi build.
Available diffs
ruby1.8 (1.8.7.352-2ubuntu1.3) precise-security; urgency=low
* SECURITY UPDATE: incorrect ssl hostname verification
- debian/patches/CVE-2013-4073.patch: fix hostname check and regression
in ext/openssl/lib/openssl/ssl-internal.rb, added test to
test/openssl/test_ssl.rb.
- CVE-2013-4073
-- Marc Deslauriers <email address hidden> Mon, 08 Jul 2013 10:17:35 -0400
Available diffs
ruby1.8 (1.8.7.358-4ubuntu0.3) quantal-security; urgency=low
* SECURITY UPDATE: incorrect ssl hostname verification
- debian/patches/CVE-2013-4073.patch: fix hostname check and regression
in ext/openssl/lib/openssl/ssl-internal.rb, added test to
test/openssl/test_ssl.rb.
- CVE-2013-4073
-- Marc Deslauriers <email address hidden> Mon, 08 Jul 2013 10:16:09 -0400
Available diffs
ruby1.8 (1.8.7.358-7ubuntu1.1) raring-security; urgency=low
* SECURITY UPDATE: incorrect ssl hostname verification
- debian/patches/CVE-2013-4073.patch: fix hostname check and regression
in ext/openssl/lib/openssl/ssl-internal.rb, added test to
test/openssl/test_ssl.rb.
- CVE-2013-4073
-- Marc Deslauriers <email address hidden> Mon, 08 Jul 2013 10:15:03 -0400
Available diffs
| Superseded in trusty-release |
| Obsolete in saucy-release |
| Deleted in saucy-proposed (Reason: moved to release) |
ruby1.8 (1.8.7.358-7ubuntu2) saucy; urgency=low
* SECURITY UPDATE: incorrect ssl hostname verification
- debian/patches/CVE-2013-4073.patch: fix hostname check and regression
in ext/openssl/lib/openssl/ssl-internal.rb, added test to
test/openssl/test_ssl.rb.
- CVE-2013-4073
-- Marc Deslauriers <email address hidden> Mon, 08 Jul 2013 10:11:00 -0400
Available diffs
ruby1.8 (1.8.7.352-2ubuntu0.3) oneiric-security; urgency=low
* SECURITY UPDATE: REXML entity expansion DoS
- debian/patches/CVE-2013-1821.patch: set an expansion limit in
lib/rexml/document.rb, lib/rexml/text.rb, added test to
test/rexml/test_document.rb.
- Patch taken from Debian's 1.8.7.358-7
- CVE-2013-1821
-- Marc Deslauriers <email address hidden> Fri, 22 Mar 2013 14:57:47 -0400
Available diffs
ruby1.8 (1.8.7.249-2ubuntu0.3) lucid-security; urgency=low
* SECURITY UPDATE: REXML entity expansion DoS
- debian/patches/CVE-2013-1821.dpatch: set an expansion limit in
lib/rexml/document.rb, lib/rexml/text.rb, added test to
test/rexml/test_document.rb.
- Patch taken from Debian's 1.8.7.358-7
- CVE-2013-1821
-- Marc Deslauriers <email address hidden> Fri, 22 Mar 2013 15:00:28 -0400
Available diffs
ruby1.8 (1.8.7.352-2ubuntu1.2) precise-security; urgency=low
* SECURITY UPDATE: REXML entity expansion DoS
- debian/patches/CVE-2013-1821.patch: set an expansion limit in
lib/rexml/document.rb, lib/rexml/text.rb, added test to
test/rexml/test_document.rb.
- Patch taken from Debian's 1.8.7.358-7
- CVE-2013-1821
-- Marc Deslauriers <email address hidden> Fri, 22 Mar 2013 14:52:43 -0400
Available diffs
ruby1.8 (1.8.7.358-4ubuntu0.2) quantal-security; urgency=low
* SECURITY UPDATE: REXML entity expansion DoS
- debian/patches/CVE-2013-1821.patch: set an expansion limit in
lib/rexml/document.rb, lib/rexml/text.rb, added test to
test/rexml/test_document.rb.
- Patch taken from Debian's 1.8.7.358-7
- CVE-2013-1821
-- Marc Deslauriers <email address hidden> Fri, 22 Mar 2013 13:53:06 -0400
Available diffs
| Superseded in saucy-release |
| Obsolete in raring-release |
| Deleted in raring-proposed (Reason: moved to release) |
ruby1.8 (1.8.7.358-7ubuntu1) raring; urgency=low
* Resynchronise with Debian. Remaining changes:
- Fix safe level bypass (CVE-2012-4466).
- Build using the default GCC again, and -fno-optimize-sibling-calls.
* Handle multiarch Tcl/Tk.
* Build with -fno-tree-dce. This fixes the ruby-ffi build.
Available diffs
ruby1.8 (1.8.7.358-6ubuntu2) raring; urgency=low
* Build using the default GCC again.
Build using -fno-optimize-sibling-calls. Unchecked if it works
without it, but it's not worth for investigating in ruby1.8 anymore.
-- Matthias Klose <email address hidden> Sat, 16 Feb 2013 21:00:42 +0100
Available diffs
ruby1.8 (1.8.7.358-6ubuntu1) raring; urgency=low * SECURITY UPDATE: Safe level bypass (LP: #1077223) - debian/patches/CVE-2012-4466.patch: Remove incorrect string taint in exception handling method. Based on upstream patch. - CVE-2012-4466 -- Tyler Hicks <email address hidden> Fri, 09 Nov 2012 14:56:55 -0800
Available diffs
ruby1.8 (1.8.7.358-6) unstable; urgency=high
* Timeout the execution of the tests after 2 hours. This should fix the
build on kfreebsd-* (Closes: #691793) and hurd.
-- Antonio Terceiro <email address hidden> Wed, 31 Oct 2012 22:12:50 +0100
Available diffs
- diff from 1.8.7.358-5 to 1.8.7.358-6 (572 bytes)
ruby1.8 (1.8.7.358-5) unstable; urgency=high
* added debian/patches/CVE-2012-4481.patch to fix CVE-2012-4481
(Closes: #689945)
-- Antonio Terceiro <email address hidden> Sun, 14 Oct 2012 19:45:52 -0300
Available diffs
- diff from 1.8.7.358-4 to 1.8.7.358-5 (783 bytes)
ruby1.8 (1.8.7.358-4ubuntu0.1) quantal-security; urgency=low
* SECURITY UPDATE: Safe level bypasses
- debian/patches/CVE-2012-4466_CVE-2012-4481.patch: Remove incorrect
string taints in exception handling methods. Based on upstream patch.
- CVE-2012-4466
- CVE-2012-4481
-- Tyler Hicks <email address hidden> Thu, 11 Oct 2012 12:00:09 -0700
Available diffs
ruby1.8 (1.8.7.249-2ubuntu0.2) lucid-security; urgency=low
* SECURITY UPDATE: Safe level bypasses
- debian/patches/CVE-2012-4466_CVE-2012-4481.dpatch: Remove incorrect
string taints in exception handling methods. Based on upstream patch.
- CVE-2012-4466
- CVE-2012-4481
-- Tyler Hicks <email address hidden> Wed, 10 Oct 2012 00:53:17 -0700
Available diffs
ruby1.8 (1.8.7.302-2ubuntu0.2) natty-security; urgency=low
* SECURITY UPDATE: Safe level bypasses
- debian/patches/CVE-2012-4466_CVE-2012-4481.patch: Remove incorrect
string taints in exception handling methods. Based on upstream patch.
- CVE-2012-4466
- CVE-2012-4481
-- Tyler Hicks <email address hidden> Wed, 10 Oct 2012 00:42:55 -0700
Available diffs
ruby1.8 (1.8.7.352-2ubuntu0.2) oneiric-security; urgency=low
* SECURITY UPDATE: Safe level bypasses
- debian/patches/CVE-2012-4466_CVE-2012-4481.patch: Remove incorrect
string taints in exception handling methods. Based on upstream patch.
- CVE-2012-4466
- CVE-2012-4481
-- Tyler Hicks <email address hidden> Wed, 10 Oct 2012 00:37:35 -0700
Available diffs
ruby1.8 (1.8.7.352-2ubuntu1.1) precise-security; urgency=low
* SECURITY UPDATE: Safe level bypasses
- debian/patches/CVE-2012-4466_CVE-2012-4481.patch: Remove incorrect
string taints in exception handling methods. Based on upstream patch.
- CVE-2012-4466
- CVE-2012-4481
-- Tyler Hicks <email address hidden> Wed, 10 Oct 2012 00:28:52 -0700
Available diffs
ruby1.8 (1.8.7.358-4) unstable; urgency=low
* debian/rules: avoid running DRB tests, since they crash and leave runaway
processes that make buildds hang forever. With this, I expect that we
don't need to set timeouts for the test suite at all (Closes: #674942).
* Added patch by Steven Chamberlain to make ruby1.8-dev depend on gcc-4.6,
since Ruby will hard code that as the compiler for building C extensions.
Any C extension will FTBFS if gcc-4.6 is not installed (Closes: #675347).
-- Antonio Terceiro <email address hidden> Fri, 01 Jun 2012 22:44:42 -0300
Available diffs
ruby1.8 (1.8.7.352-2ubuntu1) precise; urgency=low
* SECURITY UPDATE: Denial of service via crafted hash table keys
(LP: #943451)
- debian/patches/CVE-2011-4815.patch: Add randomness to the key hashing
algorithm to prevent predictable results when inserting objects into a
hash table. Based on upstream patch.
- CVE-2011-4815
-- Tyler Hicks <email address hidden> Wed, 29 Feb 2012 12:11:48 -0600
Available diffs
ruby1.8 (1.8.7.249-2ubuntu0.1) lucid-security; urgency=low
* SECURITY UPDATE: Cross-site scripting via HTTP error responses
- debian/patches/CVE-2010-0541.patch: Use the ISO-8859-1 character
set for HTTP error responses. Based on upstream patch.
- CVE-2010-0541
* SECURITY UPDATE: Arbitrary code execution and denial of service
- debian/patches/CVE-2011-0188.patch: Remove cast to prevent memory
corruption during allocation. Based on upstream patch.
- CVE-2011-0188
* SECURITY UPDATE: Arbitrary file deletion due to symlink race
- debian/patches/CVE-2011-1004.patch: Unlink the symlink rather
than recursively removing everything underneath the symlink
destination. Based on upstream patch.
- CVE-2011-1004
* SECURITY UPDATE: Safe level bypass
- debian/patches/CVE-2011-1005.patch: Remove incorrect string taint
in exception handling methods. Based on upstream patch.
- CVE-2011-1005
* SECURITY UPDATE: Predictable random number generation
- debian/patches/CVE-2011-2686.patch: Reseed the random number
generator each time a child process is created. Based on upstream
patch.
- CVE-2011-2686
* SECURITY UPDATE: Predicatable random number generation
- debian/patches/CVE-2011-2705.patch: Reseed the random number
generator with the pid number and the current time to prevent
predictable random numbers in the case of pid number rollover. Based on
upstream patch.
- CVE-2011-2705
* SECURITY UPDATE: Denial of service via crafted hash table keys
- debian/patches/CVE-2011-4815.patch: Add randomness to the key hashing
algorithm to prevent predictable results when inserting objects into a
hash table. Based on upstream patch.
- CVE-2011-4815
-- Tyler Hicks <email address hidden> Tue, 21 Feb 2012 16:28:51 -0600
Available diffs
ruby1.8 (1.8.7.299-2ubuntu0.1) maverick-security; urgency=low
* SECURITY UPDATE: Cross-site scripting via HTTP error responses
- debian/patches/CVE-2010-0541.patch: Use the ISO-8859-1 character
set for HTTP error responses. Based on upstream patch.
- CVE-2010-0541
* SECURITY UPDATE: Arbitrary code execution and denial of service
- debian/patches/CVE-2011-0188.patch: Remove cast to prevent memory
corruption during allocation. Based on upstream patch.
- CVE-2011-0188
* SECURITY UPDATE: Arbitrary file deletion due to symlink race
- debian/patches/CVE-2011-1004.patch: Unlink the symlink rather
than recursively removing everything underneath the symlink
destination. Based on upstream patch.
- CVE-2011-1004
* SECURITY UPDATE: Safe level bypass
- debian/patches/CVE-2011-1005.patch: Remove incorrect string taint
in exception handling methods. Based on upstream patch.
- CVE-2011-1005
* SECURITY UPDATE: Predictable random number generation
- debian/patches/CVE-2011-2686.patch: Reseed the random number
generator each time a child process is created. Based on upstream
patch.
- CVE-2011-2686
* SECURITY UPDATE: Predicatable random number generation
- debian/patches/CVE-2011-2705.patch: Reseed the random number
generator with the pid number and the current time to prevent
predictable random numbers in the case of pid number rollover. Based on
upstream patch.
- CVE-2011-2705
* SECURITY UPDATE: Denial of service via crafted hash table keys
- debian/patches/CVE-2011-4815.patch: Add randomness to the key hashing
algorithm to prevent predictable results when inserting objects into a
hash table. Based on upstream patch.
- CVE-2011-4815
-- Tyler Hicks <email address hidden> Tue, 21 Feb 2012 16:28:51 -0600
Available diffs
ruby1.8 (1.8.7.302-2ubuntu0.1) natty-security; urgency=low
* SECURITY UPDATE: Arbitrary code execution and denial of service
- debian/patches/CVE-2011-0188.patch: Remove cast to prevent memory
corruption during allocation. Based on upstream patch.
- CVE-2011-0188
* SECURITY UPDATE: Arbitrary file deletion due to symlink race
- debian/patches/CVE-2011-1004.patch: Unlink the symlink rather
than recursively removing everything underneath the symlink
destination. Based on upstream patch.
- CVE-2011-1004
* SECURITY UPDATE: Safe level bypass
- debian/patches/CVE-2011-1005.patch: Remove incorrect string taint
in exception handling methods. Based on upstream patch.
- CVE-2011-1005
* SECURITY UPDATE: Predictable random number generation
- debian/patches/CVE-2011-2686.patch: Reseed the random number
generator each time a child process is created. Based on upstream
patch.
- CVE-2011-2686
* SECURITY UPDATE: Predicatable random number generation
- debian/patches/CVE-2011-2705.patch: Reseed the random number
generator with the pid number and the current time to prevent
predictable random numbers in the case of pid number rollover. Based on
upstream patch.
- CVE-2011-2705
* SECURITY UPDATE: Denial of service via crafted hash table keys
- debian/patches/CVE-2011-4815.patch: Add randomness to the key hashing
algorithm to prevent predictable results when inserting objects into a
hash table. Based on upstream patch.
- CVE-2011-4815
-- Tyler Hicks <email address hidden> Tue, 21 Feb 2012 16:28:51 -0600
Available diffs
ruby1.8 (1.8.7.352-2ubuntu0.1) oneiric-security; urgency=low
* SECURITY UPDATE: Denial of service via crafted hash table keys
- debian/patches/CVE-2011-4815.patch: Add randomness to the key hashing
algorithm to prevent predictable results when inserting objects into a
hash table. Based on upstream patch.
- CVE-2011-4815
-- Tyler Hicks <email address hidden> Tue, 21 Feb 2012 16:28:51 -0600
Available diffs
ruby1.8 (1.8.7.352-2) unstable; urgency=low * Add -fno-tree-sra on armel. Workaround that Closes: #634260 -- Lucas Nussbaum <email address hidden> Sun, 24 Jul 2011 12:30:48 +0200
| Superseded in oneiric-release |
ruby1.8 (1.8.7.334-5) unstable; urgency=low
* Build depend on libreadline-gplv2-dev instead of libreadline5-dev. Ruby
is dual-licensed under GPLv2 (only) || Ruby license, so we cannot use
libreadline6-dev. Closes: #625855
-- Ubuntu Archive Auto-Sync <email address hidden> Mon, 16 May 2011 07:50:58 +0000
Available diffs
- diff from 1.8.7.334-4 to 1.8.7.334-5 (762 bytes)
| Superseded in oneiric-release |
ruby1.8 (1.8.7.334-4) unstable; urgency=low
* Drop ruby1.8-elisp. The Ruby emacs mode is now provided in emacs 23.
All the open bugs were mentioned to an upstream developer, who fixed the
ones that still affected ruby-mode.
Closes: #502926, #527266, #192647, #282796, #366045, #373199, #411173.
Closes: #468952, #619754, #489355.
* Add patch 110411_disable_osslv2.patch
Disables SSLv2. Closes: #621509
* Move the ri1.8 binary and manpage to the ruby1.8 package. ri1.8 still
exists, but only contains the documentation. This is needed to
Closes: #621058.
* Make libruby1.8 Conflict, Replace irb1.8, rdoc1.8. Closes: #608582
Available diffs
- diff from 1.8.7.302-2 to 1.8.7.334-4 (29.3 KiB)
ruby1.8 (1.8.7.302-2) unstable; urgency=high
* Add debian/patches/100901_threading_fixes.patch. Fixes threading
problems on Debian GNU/kFreeBSD exhibited by puppet.
Thanks to Petr Salinger and Aurélien Jarno. Closes: #595034
Available diffs
- diff from 1.8.7.299-2 to 1.8.7.302-2 (2.8 KiB)
ruby1.8 (1.8.7.299-2) unstable; urgency=low
* Convert from dpatch to quilt using dpatch2quilt.sh
* Add patch 100730_disable_getsetcontext_on_nptl: disable getsetcontext on
NPTL. LP: #307462, Closes: #579229
* Added 100730_verbose-tests.patch: run tests in verbose mode.
* Run make test-all, but do not consider failures fatal for now.
* Upgrade to Standards-Version: 3.9.1. No changes needed.
* Deal with Ubuntu changing the GCC target to i686-linux-gnu: search
for libs in i486-linux too. LP: #611322.
-- Lucas Nussbaum <email address hidden> Fri, 30 Jul 2010 17:45:14 -0400
Available diffs
- diff from 1.8.7.299-1 to 1.8.7.299-2 (9.4 KiB)
| Superseded in maverick-release |
ruby1.8 (1.8.7.299-1) unstable; urgency=low
* New upstream release
* Removed patches that the upstrem has applied:
- debian/patches/100312_timeout-fix.dpatch
- debian/patches/100620_fix_pathname_warning.dpatch
- debian/patches/100620_fix_super_called_outside_of_method.dpatch
-- Mikhail Turov <email address hidden> Sun, 27 Jun 2010 22:16:44 +0900
Available diffs
- diff from 1.8.7.249-4 to 1.8.7.299-1 (170.9 KiB)
| Superseded in maverick-release |
ruby1.8 (1.8.7.249-4) unstable; urgency=low
[ Lucas Nussbaum ]
* Make ruby1.8 depend on exactly the same version of libruby1.8 after
private discussion with Alex Legler. This avoids confusing situations
for users.
* Update debian/patches/100312_timeout-fix.dpatch after discussion with
Petr Salinger. Treat FreeBSD the same as Linux. Closes: #580464
[ Daigo Moriwaki ]
* Removed debian/patches/091125_gc_check.dpatch, which the upstream has
applied. (Closes: #586374)
* Added debian/patches/100620_fix_pathname_warning.dpatch, which was
backported from the upstream r23485.
(Closes: #566611)
* Added debian/patches/100620_fix_super_called_outside_of_method.dpatch,
which was backported from the upstream r26534:26536. (Closes: #568597)
-- Ubuntu Archive Auto-Sync <email address hidden> Tue, 22 Jun 2010 08:41:03 +0100
Available diffs
- diff from 1.8.7.249-3 to 1.8.7.249-4 (3.8 KiB)
| Superseded in maverick-release |
ruby1.8 (1.8.7.249-3) unstable; urgency=low
* Fix sections. Agree with ftpmasters.
* Update debian/copyright. Clarify that Ruby is GPLv2, not just "GPL".
* Merge lib{dbm,gdbm,readline,openssl}-ruby1.8 into libruby1.8.
* Merge irb1.8 and rdoc1.8 into ruby1.8.
* Update lintian override.
* Update debian/copyright.
* Upgrade to Standards-Version: 3.8.4. No changes needed.
* Add README.source.
* Fix not-binnmuable-all-depends-any lintian warning.
* Add lintian override for package-name-doesnt-match-sonames.
* Remove duplicate section/priority stanzas.
* Fix a few minor problems in manpages.
-- Ubuntu Archive Auto-Sync <email address hidden> Sun, 09 May 2010 14:01:54 +0100
Available diffs
- diff from 1.8.7.249-2 to 1.8.7.249-3 (4.5 KiB)
ruby1.8 (1.8.7.249-2) unstable; urgency=low
* Add 100312_timeout-fix.dpatch: Backport upstream change to fix
problem with threads and timeouts. Closes: #539987
-- Lucas Nussbaum <email address hidden> Fri, 19 Mar 2010 17:34:57 +0000
Available diffs
| Superseded in lucid-release |
ruby1.8 (1.8.7.249-1ubuntu1) lucid; urgency=low
* Move libreadline5-dev build dependency to libreadline-dev, to build
against libreadline6. (Debian #553843)
-- Martin Pitt <email address hidden> Mon, 08 Mar 2010 14:54:04 +0100
Available diffs
- diff from 1.8.7.249-1 to 1.8.7.249-1ubuntu1 (729 bytes)
| Superseded in lucid-release |
ruby1.8 (1.8.7.249-1) unstable; urgency=high
* New upstream release.
* The upstream has fixed a vulnerability in WEBrick, a part of Ruby's
standard library. WEBrick lets attackers to inject malicious escape
sequences to its logs, making it possible for dangerous control characters
to be executed on a victim's terminal emulator.
Available diffs
- diff from 1.8.7.174-3 to 1.8.7.249-1 (37.4 KiB)
| Superseded in lucid-release |
ruby1.8 (1.8.7.174-3) unstable; urgency=low
* Added debian/patches/091125_gc_check.dpatch: applied Bryan's patch to fix
garbage collector seg faults under race conditions. (upstream issue #2326)
Thans to Bryan McLellan. (Closes: #557924)
-- Ubuntu Archive Auto-Sync <email address hidden> Sat, 12 Dec 2009 14:55:10 +0000
Available diffs
- diff from 1.8.7.174-2 to 1.8.7.174-3 (790 bytes)
ruby1.8 (1.8.7.174-1ubuntu1) karmic-proposed; urgency=medium
* Added debian/patches/091125_gc_check.dpatch: Avoid segv on gc run whe
heap fills up with deferred objects. (LP: #488115)
* Added debian/patches/090812_class_clone_segv.dpatch: avoid segv when an
object cloned. (LP: #484756)
-- Bryan McLellan <email address hidden> Tue, 01 Dec 2009 03:33:13 -0800
Available diffs
| Superseded in lucid-release |
ruby1.8 (1.8.7.174-2) unstable; urgency=medium
[ akira yamada ]
* Added debian/patches/090811_thread_and_select.dpatch: threads may hangup
when IO.select called from two or more threads.
* Added debian/patches/090812_finalizer_at_exit.dpatch: finalizers should be
run at exit (Closes: #534241)
* Added debian/patches/090812_class_clone_segv.dpatch: avoid segv when an
object cloned. (Closes: #533329)
* Added debian/patches/090812_eval_long_exp_segv.dpatch: fix segv when eval
a long expression. (Closes: #510561)
* Added debian/patches/090812_openssl_x509_warning.dpatch: suppress warning
from OpenSSL::X509::ExtensionFactory. (Closes: #489443)
[ Lucas Nussbaum ]
* Removed Fumitoshi UKAI <email address hidden> from Uploaders. Thanks a
lot for the past help! Closes: #541037
[ Daigo Moriwaki ]
* debian/fixshebang.sh: skip non-text files, which works around hanging of
sed on scanning gif images.
* Bumped up Standards-Version to 3.8.2.
-- Ubuntu Archive Auto-Sync <email address hidden> Fri, 06 Nov 2009 10:33:52 +0000
Available diffs
- diff from 1.8.7.174-1 to 1.8.7.174-2 (5.3 KiB)
ruby1.8 (1.8.7.72-3ubuntu0.1) jaunty-security; urgency=low
* SECURITY UPDATE: certificate spoofing via invalid return value check
in OCSP_basic_verify
- debian/patches/906_security_CVE-2009-0642.dpatch: also check for -1
return code in ext/openssl/ossl_ocsp.c.
- CVE-2009-0642
* SECURITY UPDATE: denial of service in BigDecimal library via string
argument that represents a large number (LP: #385436)
- debian/patches/907_security_CVE-2009-1904.dpatch: handle large
numbers properly in ext/bigdecimal/bigdecimal.c.
- CVE-2009-1904
-- Marc Deslauriers <email address hidden> Wed, 15 Jul 2009 10:38:14 -0400
Available diffs
ruby1.8 (1.8.7.72-1ubuntu0.2) intrepid-security; urgency=low
* SECURITY UPDATE: certificate spoofing via invalid return value check
in OCSP_basic_verify
- debian/patches/906_security_CVE-2009-0642.dpatch: also check for -1
return code in ext/openssl/ossl_ocsp.c.
- CVE-2009-0642
* SECURITY UPDATE: denial of service in BigDecimal library via string
argument that represents a large number (LP: #385436)
- debian/patches/907_security_CVE-2009-1904.dpatch: handle large
numbers properly in ext/bigdecimal/bigdecimal.c.
- CVE-2009-1904
-- Marc Deslauriers <email address hidden> Wed, 15 Jul 2009 11:49:36 -0400
Available diffs
ruby1.8 (1.8.6.111-2ubuntu1.3) hardy-security; urgency=low
* SECURITY UPDATE: certificate spoofing via invalid return value check
in OCSP_basic_verify
- debian/patches/904_security_CVE-2009-0642.dpatch: also check for -1
return code in ext/openssl/ossl_ocsp.c.
- CVE-2009-0642
* SECURITY UPDATE: denial of service in BigDecimal library via string
argument that represents a large number (LP: #385436)
- debian/patches/905_security_CVE-2009-1904.dpatch: handle large
numbers properly in ext/bigdecimal/bigdecimal.c.
- CVE-2009-1904
-- Marc Deslauriers <email address hidden> Wed, 15 Jul 2009 13:06:03 -0400
Available diffs
ruby1.8 (1.8.4-1ubuntu1.7) dapper-security; urgency=low
* SECURITY UPDATE: certificate spoofing via invalid return value check
in OCSP_basic_verify
- debian/patches/924_CVE-2009-0642.patch: also check for -1 return
code in ext/openssl/ossl_ocsp.c.
- CVE-2009-0642
* SECURITY UPDATE: denial of service in BigDecimal library via string
argument that represents a large number (LP: #385436)
- debian/patches/925_CVE-2009-1904.patch: handle large numbers properly
in ext/bigdecimal/bigdecimal.c.
- CVE-2009-1904
-- Marc Deslauriers <email address hidden> Wed, 15 Jul 2009 13:31:57 -0400
Available diffs
ruby1.8 (1.8.7.174-1) unstable; urgency=low * New upstream release. -- Ubuntu Archive Auto-Sync <email address hidden> Thu, 18 Jun 2009 08:33:17 +0100
Available diffs
- diff from 1.8.7.173-1 to 1.8.7.174-1 (1.2 KiB)
| Superseded in karmic-release |
ruby1.8 (1.8.7.173-1) unstable; urgency=high
* New upstream release.
* removed unnecessary patchs under debian/patches:
- 168_rexml_dos.dpatch
- 801_update_sample_README
- 807_sync_try_lock_always_fail.dpatch
- 905_class_dup_should_copy_constants.dpatch
- 090301_r22646_OCSP_basic_verify.dpatch
* Added a patch: debian/patches/090613_exclude_rdoc.dpatch
* Added debian/libopenssl-ruby1.8.lintian-overrides
* The upstream has fixed the DoS vulnerability in BigDecimal Ruby
Library (CVE-2009-1904; Closes: #532689)
* debian/control:
- Bumped up Standards-Version to 3.8.1.
- Corrected sections.
-- Ubuntu Archive Auto-Sync <email address hidden> Mon, 15 Jun 2009 11:18:23 +0100
Available diffs
- diff from 1.8.7.72-3.1 to 1.8.7.173-1 (73.7 KiB)
| Superseded in karmic-release |
ruby1.8 (1.8.7.72-3.1) unstable; urgency=high
* Non-maintainer upload by the Security Team.
* Add upstream patch to properly check return values of the
OCSP_basic_verify function (CVE-2009-0642; Closes: #522939,#517639)
-- Ubuntu Archive Auto-Sync <email address hidden> Wed, 29 Apr 2009 12:10:53 +0100
Available diffs
- diff from 1.8.7.72-3 to 1.8.7.72-3.1 (1.0 KiB)
ruby1.8 (1.8.7.72-3) unstable; urgency=medium
* applied debian/patches/905_class_dup_should_copy_constants.dpatch:
- Class#dup should copy constants into the duplicated class.
(closes: #506344)
Available diffs
ruby1.8 (1.8.7.72-1ubuntu0.1) intrepid-proposed; urgency=low
* debian/patches/905_short_named_constants.dpatch: Fix for short-named
constants regression (LP: #282302)
-- Jamie Strandboge <email address hidden> Thu, 20 Nov 2008 13:24:03 -0600
Available diffs
| Superseded in jaunty-release |
ruby1.8 (1.8.7.72-1ubuntu1) jaunty; urgency=low
* debian/patches/905_short_named_constants.dpatch: Fix for short-named
constants regression (LP: #282302)
-- Jamie Strandboge <email address hidden> Mon, 27 Oct 2008 12:18:35 -0500
Available diffs
ruby1.8 (1.8.5-4ubuntu2.3) feisty-security; urgency=low
* SECURITY UPDATE: denial of service via resource exhaustion in the REXML
module (LP: #261459)
- debian/patches/953_CVE-2008-3790.patch: adjust rexml/document.rb and
rexml/entity.rb to use expansion limits
- CVE-2008-3790
* SECURITY UPDATE: integer overflow in rb_ary_fill may cause denial of
service (LP: #246818)
- debian/patches/954_CVE-2008-2376.patch: adjust array.c to properly
check argument length
- CVE-2008-2376
* SECURITY UPDATE: denial of service via multiple long requests to a Ruby
socket
- debian/patches/955_CVE-2008-3443.patch: adjust regex.c to not use ruby
managed memory and check for allocation failures
- CVE-2008-3443
* SECURITY UPDATE: denial of service via crafted HTTP request (LP: #257122)
- debian/patches/956_CVE-2008-3656.patch: update webrick/httputils.rb to
properly check paths ending with '.'
- CVE-2008-3656
* SECURITY UPDATE: predictable transaction id and source port for DNS
requests (separate vulnerability from CVE-2008-1447)
- debian/patches/957_CVE-2008-3905.patch: adjust resolv.rb to use
SecureRandom for transaction id and source port
- CVE-2008-3905
* SECURITY UPDATE: safe level bypass via DL.dlopen
- debian/patches/958_CVE-2008-3657.patch: adjust rb_str_to_ptr and
rb_ary_to_ptr in ext/dl/dl.c and rb_dlsym_call in ext/dl/sym.c to
propogate taint and check taintness of DLPtrData
- CVE-2008-3657
* SECURITY UPDATE: safe level bypass via multiple vectors
- debian/patches/959_CVE-2008-3655.patch: use rb_secure(4) in variable.c
and syslog.c, check for secure level 3 or higher in eval.c and make
sure PROGRAM_NAME can't be modified
- CVE-2008-3655
-- Jamie Strandboge <email address hidden> Thu, 09 Oct 2008 09:28:03 -0500
Available diffs
ruby1.8 (1.8.4-1ubuntu1.6) dapper-security; urgency=low
* SECURITY UPDATE: denial of service via resource exhaustion in the REXML
module (LP: #261459)
- debian/patches/917_CVE-2008-3790.patch: adjust rexml/document.rb and
rexml/entity.rb to use expansion limits
- CVE-2008-3790
* SECURITY UPDATE: integer overflow in rb_ary_fill may cause denial of
service (LP: #246818)
- debian/patches/918_CVE-2008-2376.patch: adjust array.c to properly
check argument length
- CVE-2008-2376
* SECURITY UPDATE: denial of service via multiple long requests to a Ruby
socket
- debian/patches/919_CVE-2008-3443.patch: adjust regex.c to not use ruby
managed memory and check for allocation failures
- CVE-2008-3443
* SECURITY UPDATE: denial of service via crafted HTTP request (LP: #257122)
- debian/patches/920_CVE-2008-3656.patch: update webrick/httputils.rb to
properly check paths ending with '.'
- CVE-2008-3656
* SECURITY UPDATE: predictable transaction id and source port for DNS
requests (separate vulnerability from CVE-2008-1447)
- debian/patches/921_CVE-2008-3905.patch: adjust resolv.rb to use
SecureRandom for transaction id and source port
- CVE-2008-3905
* SECURITY UPDATE: safe level bypass via DL.dlopen
- debian/patches/922_CVE-2008-3657.patch: adjust rb_str_to_ptr and
rb_ary_to_ptr in ext/dl/dl.c and rb_dlsym_call in ext/dl/sym.c to
propogate taint and check taintness of DLPtrData
- CVE-2008-3657
* SECURITY UPDATE: safe level bypass via multiple vectors
- debian/patches/923_CVE-2008-3655.patch: use rb_secure(4) in variable.c
and syslog.c, check for secure level 3 or higher in eval.c and make
sure PROGRAM_NAME can't be modified
- CVE-2008-3655
-- Jamie Strandboge <email address hidden> Thu, 09 Oct 2008 10:32:41 -0500
Available diffs
ruby1.8 (1.8.6.111-2ubuntu1.2) hardy-security; urgency=low
* SECURITY UPDATE: denial of service via resource exhaustion in the REXML
module (LP: #261459)
- debian/patches/102_CVE-2008-3790.dpatch: adjust rexml/document.rb and
rexml/entity.rb to use expansion limits
- CVE-2008-3790
* SECURITY UPDATE: integer overflow in rb_ary_fill may cause denial of
service (LP: #246818)
- debian/patches/103_CVE-2008-2376.dpatch: adjust array.c to properly
check argument length
- CVE-2008-2376
* SECURITY UPDATE: denial of service via multiple long requests to a Ruby
socket
- debian/patches/104_CVE-2008-3443.dpatch: adjust regex.c to not use ruby
managed memory and check for allocation failures
- CVE-2008-3443
* SECURITY UPDATE: denial of service via crafted HTTP request (LP: #257122)
- debian/patches/105_CVE-2008-3656.dpatch: update webrick/httputils.rb to
properly check paths ending with '.'
- CVE-2008-3656
* SECURITY UPDATE: predictable transaction id and source port for DNS
requests (separate vulnerability from CVE-2008-1447)
- debian/patches/106_CVE-2008-3905.dpatch: adjust resolv.rb to use
SecureRandom for transaction id and source port
- CVE-2008-3905
* SECURITY UPDATE: safe level bypass via DL.dlopen
- debian/patches/107_CVE-2008-3657.dpatch: adjust rb_str_to_ptr and
rb_ary_to_ptr in ext/dl/dl.c and rb_dlsym_call in ext/dl/sym.c to
propogate taint and check taintness of DLPtrData
- CVE-2008-3657
* SECURITY UPDATE: safe level bypass via multiple vectors
- debian/patches/108_CVE-2008-3655.dpatch: use rb_secure(4) in variable.c
and syslog.c, check for secure level 3 or higher in eval.c and make
sure PROGRAM_NAME can't be modified
- CVE-2008-3655
-- Jamie Strandboge <email address hidden> Tue, 07 Oct 2008 13:34:00 -0500
Available diffs
ruby1.8 (1.8.6.36-1ubuntu3.3) gutsy-security; urgency=low
* SECURITY UPDATE: denial of service via resource exhaustion in the REXML
module (LP: #261459)
- debian/patches/103_CVE-2008-3790.dpatch: adjust rexml/document.rb and
rexml/entity.rb to use expansion limits
- CVE-2008-3790
* SECURITY UPDATE: integer overflow in rb_ary_fill may cause denial of
service (LP: #246818)
- debian/patches/104_CVE-2008-2376.dpatch: adjust array.c to properly
check argument length
- CVE-2008-2376
* SECURITY UPDATE: denial of service via multiple long requests to a Ruby
socket
- debian/patches/105_CVE-2008-3443.dpatch: adjust regex.c to not use ruby
managed memory and check for allocation failures
- CVE-2008-3443
* SECURITY UPDATE: denial of service via crafted HTTP request (LP: #257122)
- debian/patches/106_CVE-2008-3656.dpatch: update webrick/httputils.rb to
properly check paths ending with '.'
- CVE-2008-3656
* SECURITY UPDATE: predictable transaction id and source port for DNS
requests (separate vulnerability from CVE-2008-1447)
- debian/patches/107_CVE-2008-3905.dpatch: adjust resolv.rb to use
SecureRandom for transaction id and source port
- CVE-2008-3905
* SECURITY UPDATE: safe level bypass via DL.dlopen
- debian/patches/108_CVE-2008-3657.dpatch: adjust rb_str_to_ptr and
rb_ary_to_ptr in ext/dl/dl.c and rb_dlsym_call in ext/dl/sym.c to
propogate taint and check taintness of DLPtrData
- CVE-2008-3657
* SECURITY UPDATE: safe level bypass via multiple vectors
- debian/patches/109_CVE-2008-3655.dpatch: use rb_secure(4) in variable.c
and syslog.c, check for secure level 3 or higher in eval.c and make
sure PROGRAM_NAME can't be modified
- CVE-2008-3655
-- Jamie Strandboge <email address hidden> Thu, 09 Oct 2008 08:47:35 -0500
Available diffs
ruby1.8 (1.8.7.72-1) unstable; urgency=high
* New upstream release.
- many patches in 1.8.7.22-4 were simply backported from upstream SVN, and
are integrated into that release. We drop those:
+ 103_array_c_r17472_to_r17756.dpatch
+ 810_ruby187p22_fixes.dpatch
+ 811_multiple_vuln_200808.dpatch
- Fixes the following security issues: (Closes: #494401)
* Several vulnerabilities in safe level
* DoS vulnerability in WEBrick
* Lack of taintness check in dl
* DNS spoofing vulnerability in resolv.rb (CVE-2008-1447)
* Applied debian/patches/168_rexml_dos.dpatch:
Fix CVE-2008-3790 (REXML expansion DOS). Closes: #496808.
Available diffs
- diff from 1.8.7.22-1 to 1.8.7.72-1 (34.4 KiB)
ruby1.8 (1.8.6.36-1ubuntu3.2) gutsy-security; urgency=low
* SECURITY UPDATE: denial of service or arbitrary code execution via
integer overflows and memory corruption
* debian/patches/102_CVE-2008-2662+2663+2664+2725+2726.dpatch: update
array.c to properly validate the size of an array. Update string.c and
sprintf.c for proper bounds checking
* References:
CVE-2008-2662
CVE-2008-2663
CVE-2008-2664
CVE-2008-2725
CVE-2008-2726
LP: #241657
-- Jamie Strandboge <email address hidden> Wed, 25 Jun 2008 15:31:40 -0400
Available diffs
ruby1.8 (1.8.6.111-2ubuntu1.1) hardy-security; urgency=low
* SECURITY UPDATE: denial of service or arbitrary code execution via
integer overflows and memory corruption
* debian/patches/101_CVE-2008-2662+2663+2664+2725+2726.dpatch update array.c
to properly validate the size of an array. Update string.c and sprintf.c
for proper bounds checking
* References:
CVE-2008-2662
CVE-2008-2663
CVE-2008-2664
CVE-2008-2725
CVE-2008-2726
LP: #241657
-- Jamie Strandboge <email address hidden> Wed, 25 Jun 2008 15:50:50 -0400
Available diffs
ruby1.8 (1.8.5-4ubuntu2.2) feisty-security; urgency=low
* SECURITY UPDATE: denial of service or arbitrary code execution via
integer overflows and memory corruption
* debian/patches/952_CVE-2008-2662+2663+2664+2725+2726.patch: update array.c
to properly validate the size of an array. Update string.c and sprintf.c
for proper bounds checking
* References:
CVE-2008-2662
CVE-2008-2663
CVE-2008-2664
CVE-2008-2725
CVE-2008-2726
LP: #241657
-- Jamie Strandboge <email address hidden> Wed, 25 Jun 2008 15:24:05 -0400
Available diffs
ruby1.8 (1.8.4-1ubuntu1.5) dapper-security; urgency=low
* SECURITY UPDATE: denial of service or arbitrary code execution via
integer overflows and memory corruption
* debian/patches/916_CVE-2008-2662+2663+2664+2725+2726.patch: update array.c
to properly validate the size of an array. Update string.c and sprintf.c
for proper bounds checking. Also modify ruby.h for RARRAY_PTR macro (taken
from 1.8.5-4ubuntu2)
* References:
CVE-2008-2662
CVE-2008-2663
CVE-2008-2664
CVE-2008-2725
CVE-2008-2726
LP: #241657
-- Jamie Strandboge <email address hidden> Wed, 25 Jun 2008 15:02:48 -0400
Available diffs
| Superseded in intrepid-release |
ruby1.8 (1.8.7.22-1) unstable; urgency=high
* New upstream release.
* Fixed vulnerability: arbitrary code execution vulnerability and so on
(Closes: #487238)
-- Ubuntu Archive Auto-Sync <email address hidden> Sat, 21 Jun 2008 23:16:43 +0100
Available diffs
- diff from 1.8.7.17-1 to 1.8.7.22-1 (11.9 KiB)
| Superseded in intrepid-release |
ruby1.8 (1.8.7.17-1) unstable; urgency=low
* New upstream release.
* removed patches that the upstream has included:
- debian/patches/201_erb_187_release.dpatch
- debian/patches/202_delegate_187_release.dpatch
- debian/patches/203_openssl_ctx_r187_release.dpatch
* debian/watch: it will report 1.8.\d-p\d* versions.
-- Ubuntu Archive Auto-Sync <email address hidden> Tue, 17 Jun 2008 06:26:15 +0100
Available diffs
- diff from 1.8.7-2 to 1.8.7.17-1 (29.8 KiB)
ruby1.8 (1.8.7-2) unstable; urgency=low
[ Daigo Moriwaki ]
* applied debian/patches/201_erb_187_release.dpatch:
- fixed a bug where tokens are not yilelded one by one.
- fixed a bug caused by strscan incompatibility.
* applied debian/patches/202_delegate_187_release.dpatch:
- fixed a bug caused by marshal.c incompatibility.
[ Lucas Nussbaum ]
* applied debian/patches/203_openssl_ctx_r187_release.dpatch:
- might help with Debian bug #483974
Available diffs
- diff from 1.8.6.111-2ubuntu1 to 1.8.7-2 (713.8 KiB)
ruby1.8 (1.8.6.36-1ubuntu3.1) gutsy-security; urgency=low
* SECURITY UPDATE: SSL connections did not check commonName early
enough, possibly allowing sensitive information to be exposed.
* debian/patches/100_CVE-2007-5162.dpatch: upstream fixes, from
http://svn.ruby-lang.org/cgi-bin/viewvc.cgi?view=rev&revision=13499
* debian/patches/101_CVE-2007-5770.dpatch: upstream fixes, from
http://svn.ruby-lang.org/cgi-bin/viewvc.cgi?view=rev&revision=13656
* References:
CVE-2007-5162 CVE-2007-5770 (LP: #149616)
-- Stephan Hermann <email address hidden> Tue, 13 Nov 2007 19:42:37 +0100
ruby1.8 (1.8.5-4ubuntu2.1) feisty-security; urgency=low
* SECURITY UPDATE: SSL connections did not check commonName early
enough, possibly allowing sensitive information to be exposed.
* debian/patches/950_CVE-2007-5162.patch: upstream fixes, from
http://svn.ruby-lang.org/cgi-bin/viewvc.cgi?view=rev&revision=13499
* debian/patches/951_CVE-2007-5770.patch: upstream fixes, from
http://svn.ruby-lang.org/cgi-bin/viewvc.cgi?view=rev&revision=13656
* References:
CVE-2007-5162 CVE-2007-5770 (LP: #149616)
-- Stephan Hermann <email address hidden> Tue, 13 Nov 2007 19:42:37 +0100
ruby1.8 (1.8.4-5ubuntu1.3) edgy-security; urgency=low
* SECURITY UPDATE: SSL connections did not check commonName early
enough, possibly allowing sensitive information to be exposed.
* debian/patches/915_CVE-2007-5162.patch: upstream fixes, from
http://svn.ruby-lang.org/cgi-bin/viewvc.cgi?view=rev&revision=13499
* debian/patches/915_CVE-2007-5770.patch: upstream fixes, from
http://svn.ruby-lang.org/cgi-bin/viewvc.cgi?view=rev&revision=13656
* References:
CVE-2007-5162 CVE-2007-5770 (LP: #149616)
-- Stephan Hermann <email address hidden> Tue, 13 Nov 2007 19:42:37 +0100
ruby1.8 (1.8.4-1ubuntu1.4) dapper-security; urgency=low
* SECURITY UPDATE: SSL connections did not check commonName early
enough, possibly allowing sensitive information to be exposed.
* debian/patches/915_CVE-2007-5162.patch: upstream fixes, from
http://svn.ruby-lang.org/cgi-bin/viewvc.cgi?view=rev&revision=13499
* debian/patches/915_CVE-2007-5770.patch: upstream fixes, from
http://svn.ruby-lang.org/cgi-bin/viewvc.cgi?view=rev&revision=13656
* References:
CVE-2007-5162 CVE-2007-5770 (LP: #149616)
-- Stephan Hermann <email address hidden> Tue, 13 Nov 2007 19:42:37 +0100
ruby1.8 (1.8.6.111-2ubuntu1) hardy; urgency=low
* Merge from debian unstable, remaining changes:
- Adjust configure options for lpia.
- add -g when build with noopt
| 1 → 75 of 108 results | First • Previous • Next • Last |
