Change log for ruby1.8 package in Ubuntu
ruby1.8 (1.8.7.352-2ubuntu1.6) precise-security; urgency=medium * SECURITY UPDATE: denial of service via XML expansion - debian/patches/CVE-2014-8090.patch: add REXML::Document#document to lib/rexml/document.rb, add warning to lib/rexml/entity.rb, added tests to test/rexml/test_document.rb. - CVE-2014-8090 -- Marc Deslauriers <email address hidden> Wed, 19 Nov 2014 15:39:16 -0500
ruby1.8 (1.8.7.352-2ubuntu1.5) precise-security; urgency=medium * SECURITY UPDATE: denial of service via XML expansion - debian/patches/CVE-2014-8080.patch: limit expansions in lib/rexml/entity.rb, added tests to test/rexml/test_document.rb. - CVE-2014-8080 -- Marc Deslauriers <email address hidden> Fri, 31 Oct 2014 13:13:25 -0400
Deleted in trusty-release (Reason: lp: #1303358, remove the ruby1.8 itself)
Deleted in trusty-proposed (Reason: moved to release)
ruby1.8 (1.8.7.358-10ubuntu1) trusty; urgency=medium

  * Merge with Debian; remaining changes:
    - Build-depend on tcl8.5-dev and tk8.5-dev, ruby is not yet ready for Tcl/Tk 8.6.
    - Fix safe level bypass (CVE-2012-4466).
    - Build using the default GCC again, and -fno-optimize-sibling-calls.
    - Handle multiarch Tcl/Tk.
    - Build with -fno-tree-dce. This fixes the ruby-ffi build.
ruby1.8 (1.8.7.358-8ubuntu3) trusty; urgency=medium * Build-depend on tcl8.5-dev and tk8.5-dev, ruby is not yet ready for Tcl/Tk 8.6. -- Matthias Klose <email address hidden> Sat, 04 Jan 2014 18:41:47 +0100
ruby1.8 (1.8.7.352-2ubuntu1.4) precise-security; urgency=low * SECURITY UPDATE: denial of service and possible code execution via heap overflow in floating point parsing. - debian/patches/CVE-2013-4164.patch: check lengths in util.c. - CVE-2013-4164 -- Marc Deslauriers <email address hidden> Tue, 26 Nov 2013 09:09:41 -0500
ruby1.8 (1.8.7.358-4ubuntu0.4) quantal-security; urgency=low * SECURITY UPDATE: denial of service and possible code execution via heap overflow in floating point parsing. - debian/patches/CVE-2013-4164.patch: check lengths in util.c. - CVE-2013-4164 -- Marc Deslauriers <email address hidden> Tue, 26 Nov 2013 09:08:25 -0500
ruby1.8 (1.8.7.358-7ubuntu1.2) raring-security; urgency=low * SECURITY UPDATE: denial of service and possible code execution via heap overflow in floating point parsing. - debian/patches/CVE-2013-4164.patch: check lengths in util.c. - CVE-2013-4164 -- Marc Deslauriers <email address hidden> Tue, 26 Nov 2013 09:07:23 -0500
ruby1.8 (1.8.7.358-7ubuntu2.1) saucy-security; urgency=low * SECURITY UPDATE: denial of service and possible code execution via heap overflow in floating point parsing. - debian/patches/CVE-2013-4164.patch: check lengths in util.c. - CVE-2013-4164 -- Marc Deslauriers <email address hidden> Tue, 26 Nov 2013 08:47:29 -0500
Superseded in trusty-release
Superseded in trusty-release
Deleted in trusty-proposed (Reason: moved to release)
ruby1.8 (1.8.7.358-8ubuntu2) trusty; urgency=low * SECURITY UPDATE: denial of service and possible code execution via heap overflow in floating point parsing. - debian/patches/CVE-2013-4164.patch: check lengths in util.c, added test to test/ruby/test_float.rb. - CVE-2013-4164 -- Marc Deslauriers <email address hidden> Tue, 26 Nov 2013 08:49:40 -0500
ruby1.8 (1.8.7.358-8ubuntu1) trusty; urgency=low

  * Resynchronise with Debian. Remaining changes:
    - Fix safe level bypass (CVE-2012-4466).
    - Build using the default GCC again, and -fno-optimize-sibling-calls.
    - Handle multiarch Tcl/Tk.
    - Build with -fno-tree-dce. This fixes the ruby-ffi build.
ruby1.8 (1.8.7.352-2ubuntu1.3) precise-security; urgency=low * SECURITY UPDATE: incorrect ssl hostname verification - debian/patches/CVE-2013-4073.patch: fix hostname check and regression in ext/openssl/lib/openssl/ssl-internal.rb, added test to test/openssl/test_ssl.rb. - CVE-2013-4073 -- Marc Deslauriers <email address hidden> Mon, 08 Jul 2013 10:17:35 -0400
ruby1.8 (1.8.7.358-4ubuntu0.3) quantal-security; urgency=low * SECURITY UPDATE: incorrect ssl hostname verification - debian/patches/CVE-2013-4073.patch: fix hostname check and regression in ext/openssl/lib/openssl/ssl-internal.rb, added test to test/openssl/test_ssl.rb. - CVE-2013-4073 -- Marc Deslauriers <email address hidden> Mon, 08 Jul 2013 10:16:09 -0400
ruby1.8 (1.8.7.358-7ubuntu1.1) raring-security; urgency=low * SECURITY UPDATE: incorrect ssl hostname verification - debian/patches/CVE-2013-4073.patch: fix hostname check and regression in ext/openssl/lib/openssl/ssl-internal.rb, added test to test/openssl/test_ssl.rb. - CVE-2013-4073 -- Marc Deslauriers <email address hidden> Mon, 08 Jul 2013 10:15:03 -0400
Superseded in trusty-release
Obsolete in saucy-release
Deleted in saucy-proposed (Reason: moved to release)
ruby1.8 (1.8.7.358-7ubuntu2) saucy; urgency=low * SECURITY UPDATE: incorrect ssl hostname verification - debian/patches/CVE-2013-4073.patch: fix hostname check and regression in ext/openssl/lib/openssl/ssl-internal.rb, added test to test/openssl/test_ssl.rb. - CVE-2013-4073 -- Marc Deslauriers <email address hidden> Mon, 08 Jul 2013 10:11:00 -0400
ruby1.8 (1.8.7.352-2ubuntu0.3) oneiric-security; urgency=low * SECURITY UPDATE: REXML entity expansion DoS - debian/patches/CVE-2013-1821.patch: set an expansion limit in lib/rexml/document.rb, lib/rexml/text.rb, added test to test/rexml/test_document.rb. - Patch taken from Debian's 1.8.7.358-7 - CVE-2013-1821 -- Marc Deslauriers <email address hidden> Fri, 22 Mar 2013 14:57:47 -0400
ruby1.8 (1.8.7.249-2ubuntu0.3) lucid-security; urgency=low * SECURITY UPDATE: REXML entity expansion DoS - debian/patches/CVE-2013-1821.dpatch: set an expansion limit in lib/rexml/document.rb, lib/rexml/text.rb, added test to test/rexml/test_document.rb. - Patch taken from Debian's 1.8.7.358-7 - CVE-2013-1821 -- Marc Deslauriers <email address hidden> Fri, 22 Mar 2013 15:00:28 -0400
ruby1.8 (1.8.7.352-2ubuntu1.2) precise-security; urgency=low * SECURITY UPDATE: REXML entity expansion DoS - debian/patches/CVE-2013-1821.patch: set an expansion limit in lib/rexml/document.rb, lib/rexml/text.rb, added test to test/rexml/test_document.rb. - Patch taken from Debian's 1.8.7.358-7 - CVE-2013-1821 -- Marc Deslauriers <email address hidden> Fri, 22 Mar 2013 14:52:43 -0400
ruby1.8 (1.8.7.358-4ubuntu0.2) quantal-security; urgency=low * SECURITY UPDATE: REXML entity expansion DoS - debian/patches/CVE-2013-1821.patch: set an expansion limit in lib/rexml/document.rb, lib/rexml/text.rb, added test to test/rexml/test_document.rb. - Patch taken from Debian's 1.8.7.358-7 - CVE-2013-1821 -- Marc Deslauriers <email address hidden> Fri, 22 Mar 2013 13:53:06 -0400
Superseded in saucy-release
Obsolete in raring-release
Deleted in raring-proposed (Reason: moved to release)
ruby1.8 (1.8.7.358-7ubuntu1) raring; urgency=low

  * Resynchronise with Debian. Remaining changes:
    - Fix safe level bypass (CVE-2012-4466).
    - Build using the default GCC again, and -fno-optimize-sibling-calls.
  * Handle multiarch Tcl/Tk.
  * Build with -fno-tree-dce. This fixes the ruby-ffi build.
ruby1.8 (1.8.7.358-6ubuntu2) raring; urgency=low * Build using the default GCC again. Build using -fno-optimize-sibling-calls. Unchecked if it works without it, but it's not worth investigating in ruby1.8 anymore. -- Matthias Klose <email address hidden> Sat, 16 Feb 2013 21:00:42 +0100
ruby1.8 (1.8.7.358-6ubuntu1) raring; urgency=low * SECURITY UPDATE: Safe level bypass (LP: #1077223) - debian/patches/CVE-2012-4466.patch: Remove incorrect string taint in exception handling method. Based on upstream patch. - CVE-2012-4466 -- Tyler Hicks <email address hidden> Fri, 09 Nov 2012 14:56:55 -0800
ruby1.8 (1.8.7.358-6) unstable; urgency=high * Timeout the execution of the tests after 2 hours. This should fix the build on kfreebsd-* (Closes: #691793) and hurd. -- Antonio Terceiro <email address hidden> Wed, 31 Oct 2012 22:12:50 +0100
Available diffs
- diff from 1.8.7.358-5 to 1.8.7.358-6 (572 bytes)
ruby1.8 (1.8.7.358-5) unstable; urgency=high * added debian/patches/CVE-2012-4481.patch to fix CVE-2012-4481 (Closes: #689945) -- Antonio Terceiro <email address hidden> Sun, 14 Oct 2012 19:45:52 -0300
Available diffs
- diff from 1.8.7.358-4 to 1.8.7.358-5 (783 bytes)
ruby1.8 (1.8.7.358-4ubuntu0.1) quantal-security; urgency=low * SECURITY UPDATE: Safe level bypasses - debian/patches/CVE-2012-4466_CVE-2012-4481.patch: Remove incorrect string taints in exception handling methods. Based on upstream patch. - CVE-2012-4466 - CVE-2012-4481 -- Tyler Hicks <email address hidden> Thu, 11 Oct 2012 12:00:09 -0700
ruby1.8 (1.8.7.249-2ubuntu0.2) lucid-security; urgency=low * SECURITY UPDATE: Safe level bypasses - debian/patches/CVE-2012-4466_CVE-2012-4481.dpatch: Remove incorrect string taints in exception handling methods. Based on upstream patch. - CVE-2012-4466 - CVE-2012-4481 -- Tyler Hicks <email address hidden> Wed, 10 Oct 2012 00:53:17 -0700
ruby1.8 (1.8.7.302-2ubuntu0.2) natty-security; urgency=low * SECURITY UPDATE: Safe level bypasses - debian/patches/CVE-2012-4466_CVE-2012-4481.patch: Remove incorrect string taints in exception handling methods. Based on upstream patch. - CVE-2012-4466 - CVE-2012-4481 -- Tyler Hicks <email address hidden> Wed, 10 Oct 2012 00:42:55 -0700
ruby1.8 (1.8.7.352-2ubuntu0.2) oneiric-security; urgency=low * SECURITY UPDATE: Safe level bypasses - debian/patches/CVE-2012-4466_CVE-2012-4481.patch: Remove incorrect string taints in exception handling methods. Based on upstream patch. - CVE-2012-4466 - CVE-2012-4481 -- Tyler Hicks <email address hidden> Wed, 10 Oct 2012 00:37:35 -0700
ruby1.8 (1.8.7.352-2ubuntu1.1) precise-security; urgency=low * SECURITY UPDATE: Safe level bypasses - debian/patches/CVE-2012-4466_CVE-2012-4481.patch: Remove incorrect string taints in exception handling methods. Based on upstream patch. - CVE-2012-4466 - CVE-2012-4481 -- Tyler Hicks <email address hidden> Wed, 10 Oct 2012 00:28:52 -0700
ruby1.8 (1.8.7.358-4) unstable; urgency=low

  * debian/rules: avoid running DRB tests, since they crash and leave runaway processes that make buildds hang forever. With this, I expect that we don't need to set timeouts for the test suite at all (Closes: #674942).
  * Added patch by Steven Chamberlain to make ruby1.8-dev depend on gcc-4.6, since Ruby will hard code that as the compiler for building C extensions. Any C extension will FTBFS if gcc-4.6 is not installed (Closes: #675347).

 -- Antonio Terceiro <email address hidden>  Fri, 01 Jun 2012 22:44:42 -0300
ruby1.8 (1.8.7.352-2ubuntu1) precise; urgency=low * SECURITY UPDATE: Denial of service via crafted hash table keys (LP: #943451) - debian/patches/CVE-2011-4815.patch: Add randomness to the key hashing algorithm to prevent predictable results when inserting objects into a hash table. Based on upstream patch. - CVE-2011-4815 -- Tyler Hicks <email address hidden> Wed, 29 Feb 2012 12:11:48 -0600
ruby1.8 (1.8.7.249-2ubuntu0.1) lucid-security; urgency=low

  * SECURITY UPDATE: Cross-site scripting via HTTP error responses
    - debian/patches/CVE-2010-0541.patch: Use the ISO-8859-1 character set for HTTP error responses. Based on upstream patch.
    - CVE-2010-0541
  * SECURITY UPDATE: Arbitrary code execution and denial of service
    - debian/patches/CVE-2011-0188.patch: Remove cast to prevent memory corruption during allocation. Based on upstream patch.
    - CVE-2011-0188
  * SECURITY UPDATE: Arbitrary file deletion due to symlink race
    - debian/patches/CVE-2011-1004.patch: Unlink the symlink rather than recursively removing everything underneath the symlink destination. Based on upstream patch.
    - CVE-2011-1004
  * SECURITY UPDATE: Safe level bypass
    - debian/patches/CVE-2011-1005.patch: Remove incorrect string taint in exception handling methods. Based on upstream patch.
    - CVE-2011-1005
  * SECURITY UPDATE: Predictable random number generation
    - debian/patches/CVE-2011-2686.patch: Reseed the random number generator each time a child process is created. Based on upstream patch.
    - CVE-2011-2686
  * SECURITY UPDATE: Predictable random number generation
    - debian/patches/CVE-2011-2705.patch: Reseed the random number generator with the pid number and the current time to prevent predictable random numbers in the case of pid number rollover. Based on upstream patch.
    - CVE-2011-2705
  * SECURITY UPDATE: Denial of service via crafted hash table keys
    - debian/patches/CVE-2011-4815.patch: Add randomness to the key hashing algorithm to prevent predictable results when inserting objects into a hash table. Based on upstream patch.
    - CVE-2011-4815

 -- Tyler Hicks <email address hidden>  Tue, 21 Feb 2012 16:28:51 -0600
ruby1.8 (1.8.7.299-2ubuntu0.1) maverick-security; urgency=low

  * SECURITY UPDATE: Cross-site scripting via HTTP error responses
    - debian/patches/CVE-2010-0541.patch: Use the ISO-8859-1 character set for HTTP error responses. Based on upstream patch.
    - CVE-2010-0541
  * SECURITY UPDATE: Arbitrary code execution and denial of service
    - debian/patches/CVE-2011-0188.patch: Remove cast to prevent memory corruption during allocation. Based on upstream patch.
    - CVE-2011-0188
  * SECURITY UPDATE: Arbitrary file deletion due to symlink race
    - debian/patches/CVE-2011-1004.patch: Unlink the symlink rather than recursively removing everything underneath the symlink destination. Based on upstream patch.
    - CVE-2011-1004
  * SECURITY UPDATE: Safe level bypass
    - debian/patches/CVE-2011-1005.patch: Remove incorrect string taint in exception handling methods. Based on upstream patch.
    - CVE-2011-1005
  * SECURITY UPDATE: Predictable random number generation
    - debian/patches/CVE-2011-2686.patch: Reseed the random number generator each time a child process is created. Based on upstream patch.
    - CVE-2011-2686
  * SECURITY UPDATE: Predictable random number generation
    - debian/patches/CVE-2011-2705.patch: Reseed the random number generator with the pid number and the current time to prevent predictable random numbers in the case of pid number rollover. Based on upstream patch.
    - CVE-2011-2705
  * SECURITY UPDATE: Denial of service via crafted hash table keys
    - debian/patches/CVE-2011-4815.patch: Add randomness to the key hashing algorithm to prevent predictable results when inserting objects into a hash table. Based on upstream patch.
    - CVE-2011-4815

 -- Tyler Hicks <email address hidden>  Tue, 21 Feb 2012 16:28:51 -0600
ruby1.8 (1.8.7.302-2ubuntu0.1) natty-security; urgency=low

  * SECURITY UPDATE: Arbitrary code execution and denial of service
    - debian/patches/CVE-2011-0188.patch: Remove cast to prevent memory corruption during allocation. Based on upstream patch.
    - CVE-2011-0188
  * SECURITY UPDATE: Arbitrary file deletion due to symlink race
    - debian/patches/CVE-2011-1004.patch: Unlink the symlink rather than recursively removing everything underneath the symlink destination. Based on upstream patch.
    - CVE-2011-1004
  * SECURITY UPDATE: Safe level bypass
    - debian/patches/CVE-2011-1005.patch: Remove incorrect string taint in exception handling methods. Based on upstream patch.
    - CVE-2011-1005
  * SECURITY UPDATE: Predictable random number generation
    - debian/patches/CVE-2011-2686.patch: Reseed the random number generator each time a child process is created. Based on upstream patch.
    - CVE-2011-2686
  * SECURITY UPDATE: Predictable random number generation
    - debian/patches/CVE-2011-2705.patch: Reseed the random number generator with the pid number and the current time to prevent predictable random numbers in the case of pid number rollover. Based on upstream patch.
    - CVE-2011-2705
  * SECURITY UPDATE: Denial of service via crafted hash table keys
    - debian/patches/CVE-2011-4815.patch: Add randomness to the key hashing algorithm to prevent predictable results when inserting objects into a hash table. Based on upstream patch.
    - CVE-2011-4815

 -- Tyler Hicks <email address hidden>  Tue, 21 Feb 2012 16:28:51 -0600
ruby1.8 (1.8.7.352-2ubuntu0.1) oneiric-security; urgency=low * SECURITY UPDATE: Denial of service via crafted hash table keys - debian/patches/CVE-2011-4815.patch: Add randomness to the key hashing algorithm to prevent predictable results when inserting objects into a hash table. Based on upstream patch. - CVE-2011-4815 -- Tyler Hicks <email address hidden> Tue, 21 Feb 2012 16:28:51 -0600
ruby1.8 (1.8.7.352-2) unstable; urgency=low * Add -fno-tree-sra on armel. Workaround that Closes: #634260 -- Lucas Nussbaum <email address hidden> Sun, 24 Jul 2011 12:30:48 +0200
Superseded in oneiric-release
ruby1.8 (1.8.7.334-5) unstable; urgency=low * Build depend on libreadline-gplv2-dev instead of libreadline5-dev. Ruby is dual-licensed under GPLv2 (only) || Ruby license, so we cannot use libreadline6-dev. Closes: #625855 -- Ubuntu Archive Auto-Sync <email address hidden> Mon, 16 May 2011 07:50:58 +0000
Available diffs
- diff from 1.8.7.334-4 to 1.8.7.334-5 (762 bytes)
Superseded in oneiric-release
ruby1.8 (1.8.7.334-4) unstable; urgency=low

  * Drop ruby1.8-elisp. The Ruby emacs mode is now provided in emacs 23. All the open bugs were mentioned to an upstream developer, who fixed the ones that still affected ruby-mode. Closes: #502926, #527266, #192647, #282796, #366045, #373199, #411173. Closes: #468952, #619754, #489355.
  * Add patch 110411_disable_osslv2.patch Disables SSLv2. Closes: #621509
  * Move the ri1.8 binary and manpage to the ruby1.8 package. ri1.8 still exists, but only contains the documentation. This is needed to Closes: #621058.
  * Make libruby1.8 Conflict, Replace irb1.8, rdoc1.8. Closes: #608582
Available diffs
- diff from 1.8.7.302-2 to 1.8.7.334-4 (29.3 KiB)
ruby1.8 (1.8.7.302-2) unstable; urgency=high * Add debian/patches/100901_threading_fixes.patch. Fixes threading problems on Debian GNU/kFreeBSD exhibited by puppet. Thanks to Petr Salinger and Aurélien Jarno. Closes: #595034
Available diffs
- diff from 1.8.7.299-2 to 1.8.7.302-2 (2.8 KiB)
ruby1.8 (1.8.7.299-2) unstable; urgency=low

  * Convert from dpatch to quilt using dpatch2quilt.sh
  * Add patch 100730_disable_getsetcontext_on_nptl: disable getsetcontext on NPTL. LP: #307462, Closes: #579229
  * Added 100730_verbose-tests.patch: run tests in verbose mode.
  * Run make test-all, but do not consider failures fatal for now.
  * Upgrade to Standards-Version: 3.9.1. No changes needed.
  * Deal with Ubuntu changing the GCC target to i686-linux-gnu: search for libs in i486-linux too. LP: #611322.

 -- Lucas Nussbaum <email address hidden>  Fri, 30 Jul 2010 17:45:14 -0400
Available diffs
- diff from 1.8.7.299-1 to 1.8.7.299-2 (9.4 KiB)
Superseded in maverick-release
ruby1.8 (1.8.7.299-1) unstable; urgency=low

  * New upstream release
  * Removed patches that the upstream has applied:
    - debian/patches/100312_timeout-fix.dpatch
    - debian/patches/100620_fix_pathname_warning.dpatch
    - debian/patches/100620_fix_super_called_outside_of_method.dpatch

 -- Mikhail Turov <email address hidden>  Sun, 27 Jun 2010 22:16:44 +0900
Available diffs
- diff from 1.8.7.249-4 to 1.8.7.299-1 (170.9 KiB)
Superseded in maverick-release
ruby1.8 (1.8.7.249-4) unstable; urgency=low

  [ Lucas Nussbaum ]
  * Make ruby1.8 depend on exactly the same version of libruby1.8 after private discussion with Alex Legler. This avoids confusing situations for users.
  * Update debian/patches/100312_timeout-fix.dpatch after discussion with Petr Salinger. Treat FreeBSD the same as Linux. Closes: #580464

  [ Daigo Moriwaki ]
  * Removed debian/patches/091125_gc_check.dpatch, which the upstream has applied. (Closes: #586374)
  * Added debian/patches/100620_fix_pathname_warning.dpatch, which was backported from the upstream r23485. (Closes: #566611)
  * Added debian/patches/100620_fix_super_called_outside_of_method.dpatch, which was backported from the upstream r26534:26536. (Closes: #568597)

 -- Ubuntu Archive Auto-Sync <email address hidden>  Tue, 22 Jun 2010 08:41:03 +0100
Available diffs
- diff from 1.8.7.249-3 to 1.8.7.249-4 (3.8 KiB)
Superseded in maverick-release
ruby1.8 (1.8.7.249-3) unstable; urgency=low

  * Fix sections. Agree with ftpmasters.
  * Update debian/copyright. Clarify that Ruby is GPLv2, not just "GPL".
  * Merge lib{dbm,gdbm,readline,openssl}-ruby1.8 into libruby1.8.
  * Merge irb1.8 and rdoc1.8 into ruby1.8.
  * Update lintian override.
  * Update debian/copyright.
  * Upgrade to Standards-Version: 3.8.4. No changes needed.
  * Add README.source.
  * Fix not-binnmuable-all-depends-any lintian warning.
  * Add lintian override for package-name-doesnt-match-sonames.
  * Remove duplicate section/priority stanzas.
  * Fix a few minor problems in manpages.

 -- Ubuntu Archive Auto-Sync <email address hidden>  Sun, 09 May 2010 14:01:54 +0100
Available diffs
- diff from 1.8.7.249-2 to 1.8.7.249-3 (4.5 KiB)
ruby1.8 (1.8.7.249-2) unstable; urgency=low * Add 100312_timeout-fix.dpatch: Backport upstream change to fix problem with threads and timeouts. Closes: #539987 -- Lucas Nussbaum <email address hidden> Fri, 19 Mar 2010 17:34:57 +0000
Superseded in lucid-release
ruby1.8 (1.8.7.249-1ubuntu1) lucid; urgency=low * Move libreadline5-dev build dependency to libreadline-dev, to build against libreadline6. (Debian #553843) -- Martin Pitt <email address hidden> Mon, 08 Mar 2010 14:54:04 +0100
Available diffs
- diff from 1.8.7.249-1 to 1.8.7.249-1ubuntu1 (729 bytes)
Superseded in lucid-release
ruby1.8 (1.8.7.249-1) unstable; urgency=high

  * New upstream release.
  * The upstream has fixed a vulnerability in WEBrick, a part of Ruby's standard library. WEBrick lets attackers inject malicious escape sequences into its logs, making it possible for dangerous control characters to be executed on a victim's terminal emulator.
Available diffs
- diff from 1.8.7.174-3 to 1.8.7.249-1 (37.4 KiB)
Superseded in lucid-release
ruby1.8 (1.8.7.174-3) unstable; urgency=low * Added debian/patches/091125_gc_check.dpatch: applied Bryan's patch to fix garbage collector seg faults under race conditions. (upstream issue #2326) Thanks to Bryan McLellan. (Closes: #557924) -- Ubuntu Archive Auto-Sync <email address hidden> Sat, 12 Dec 2009 14:55:10 +0000
Available diffs
- diff from 1.8.7.174-2 to 1.8.7.174-3 (790 bytes)
ruby1.8 (1.8.7.174-1ubuntu1) karmic-proposed; urgency=medium

  * Added debian/patches/091125_gc_check.dpatch: Avoid segv on gc run when heap fills up with deferred objects. (LP: #488115)
  * Added debian/patches/090812_class_clone_segv.dpatch: avoid segv when an object cloned. (LP: #484756)

 -- Bryan McLellan <email address hidden>  Tue, 01 Dec 2009 03:33:13 -0800
Superseded in lucid-release
ruby1.8 (1.8.7.174-2) unstable; urgency=medium

  [ akira yamada ]
  * Added debian/patches/090811_thread_and_select.dpatch: threads may hangup when IO.select called from two or more threads.
  * Added debian/patches/090812_finalizer_at_exit.dpatch: finalizers should be run at exit (Closes: #534241)
  * Added debian/patches/090812_class_clone_segv.dpatch: avoid segv when an object cloned. (Closes: #533329)
  * Added debian/patches/090812_eval_long_exp_segv.dpatch: fix segv when eval a long expression. (Closes: #510561)
  * Added debian/patches/090812_openssl_x509_warning.dpatch: suppress warning from OpenSSL::X509::ExtensionFactory. (Closes: #489443)

  [ Lucas Nussbaum ]
  * Removed Fumitoshi UKAI <email address hidden> from Uploaders. Thanks a lot for the past help! Closes: #541037

  [ Daigo Moriwaki ]
  * debian/fixshebang.sh: skip non-text files, which works around hanging of sed on scanning gif images.
  * Bumped up Standards-Version to 3.8.2.

 -- Ubuntu Archive Auto-Sync <email address hidden>  Fri, 06 Nov 2009 10:33:52 +0000
Available diffs
- diff from 1.8.7.174-1 to 1.8.7.174-2 (5.3 KiB)
ruby1.8 (1.8.7.72-3ubuntu0.1) jaunty-security; urgency=low

  * SECURITY UPDATE: certificate spoofing via invalid return value check in OCSP_basic_verify
    - debian/patches/906_security_CVE-2009-0642.dpatch: also check for -1 return code in ext/openssl/ossl_ocsp.c.
    - CVE-2009-0642
  * SECURITY UPDATE: denial of service in BigDecimal library via string argument that represents a large number (LP: #385436)
    - debian/patches/907_security_CVE-2009-1904.dpatch: handle large numbers properly in ext/bigdecimal/bigdecimal.c.
    - CVE-2009-1904

 -- Marc Deslauriers <email address hidden>  Wed, 15 Jul 2009 10:38:14 -0400
ruby1.8 (1.8.7.72-1ubuntu0.2) intrepid-security; urgency=low

  * SECURITY UPDATE: certificate spoofing via invalid return value check in OCSP_basic_verify
    - debian/patches/906_security_CVE-2009-0642.dpatch: also check for -1 return code in ext/openssl/ossl_ocsp.c.
    - CVE-2009-0642
  * SECURITY UPDATE: denial of service in BigDecimal library via string argument that represents a large number (LP: #385436)
    - debian/patches/907_security_CVE-2009-1904.dpatch: handle large numbers properly in ext/bigdecimal/bigdecimal.c.
    - CVE-2009-1904

 -- Marc Deslauriers <email address hidden>  Wed, 15 Jul 2009 11:49:36 -0400
ruby1.8 (1.8.6.111-2ubuntu1.3) hardy-security; urgency=low

  * SECURITY UPDATE: certificate spoofing via invalid return value check in OCSP_basic_verify
    - debian/patches/904_security_CVE-2009-0642.dpatch: also check for -1 return code in ext/openssl/ossl_ocsp.c.
    - CVE-2009-0642
  * SECURITY UPDATE: denial of service in BigDecimal library via string argument that represents a large number (LP: #385436)
    - debian/patches/905_security_CVE-2009-1904.dpatch: handle large numbers properly in ext/bigdecimal/bigdecimal.c.
    - CVE-2009-1904

 -- Marc Deslauriers <email address hidden>  Wed, 15 Jul 2009 13:06:03 -0400
ruby1.8 (1.8.4-1ubuntu1.7) dapper-security; urgency=low

  * SECURITY UPDATE: certificate spoofing via invalid return value check in OCSP_basic_verify
    - debian/patches/924_CVE-2009-0642.patch: also check for -1 return code in ext/openssl/ossl_ocsp.c.
    - CVE-2009-0642
  * SECURITY UPDATE: denial of service in BigDecimal library via string argument that represents a large number (LP: #385436)
    - debian/patches/925_CVE-2009-1904.patch: handle large numbers properly in ext/bigdecimal/bigdecimal.c.
    - CVE-2009-1904

 -- Marc Deslauriers <email address hidden>  Wed, 15 Jul 2009 13:31:57 -0400
ruby1.8 (1.8.7.174-1) unstable; urgency=low * New upstream release. -- Ubuntu Archive Auto-Sync <email address hidden> Thu, 18 Jun 2009 08:33:17 +0100
Available diffs
- diff from 1.8.7.173-1 to 1.8.7.174-1 (1.2 KiB)
Superseded in karmic-release
ruby1.8 (1.8.7.173-1) unstable; urgency=high

  * New upstream release.
  * removed unnecessary patches under debian/patches:
    - 168_rexml_dos.dpatch
    - 801_update_sample_README
    - 807_sync_try_lock_always_fail.dpatch
    - 905_class_dup_should_copy_constants.dpatch
    - 090301_r22646_OCSP_basic_verify.dpatch
  * Added a patch: debian/patches/090613_exclude_rdoc.dpatch
  * Added debian/libopenssl-ruby1.8.lintian-overrides
  * The upstream has fixed the DoS vulnerability in BigDecimal Ruby Library (CVE-2009-1904; Closes: #532689)
  * debian/control:
    - Bumped up Standards-Version to 3.8.1.
    - Corrected sections.

 -- Ubuntu Archive Auto-Sync <email address hidden>  Mon, 15 Jun 2009 11:18:23 +0100
Available diffs
- diff from 1.8.7.72-3.1 to 1.8.7.173-1 (73.7 KiB)
Superseded in karmic-release
ruby1.8 (1.8.7.72-3.1) unstable; urgency=high * Non-maintainer upload by the Security Team. * Add upstream patch to properly check return values of the OCSP_basic_verify function (CVE-2009-0642; Closes: #522939,#517639) -- Ubuntu Archive Auto-Sync <email address hidden> Wed, 29 Apr 2009 12:10:53 +0100
Available diffs
- diff from 1.8.7.72-3 to 1.8.7.72-3.1 (1.0 KiB)
ruby1.8 (1.8.7.72-3) unstable; urgency=medium * applied debian/patches/905_class_dup_should_copy_constants.dpatch: - Class#dup should copy constants into the duplicated class. (closes: #506344)
ruby1.8 (1.8.7.72-1ubuntu0.1) intrepid-proposed; urgency=low * debian/patches/905_short_named_constants.dpatch: Fix for short-named constants regression (LP: #282302) -- Jamie Strandboge <email address hidden> Thu, 20 Nov 2008 13:24:03 -0600
Superseded in jaunty-release
ruby1.8 (1.8.7.72-1ubuntu1) jaunty; urgency=low * debian/patches/905_short_named_constants.dpatch: Fix for short-named constants regression (LP: #282302) -- Jamie Strandboge <email address hidden> Mon, 27 Oct 2008 12:18:35 -0500
ruby1.8 (1.8.5-4ubuntu2.3) feisty-security; urgency=low

  * SECURITY UPDATE: denial of service via resource exhaustion in the REXML module (LP: #261459)
    - debian/patches/953_CVE-2008-3790.patch: adjust rexml/document.rb and rexml/entity.rb to use expansion limits
    - CVE-2008-3790
  * SECURITY UPDATE: integer overflow in rb_ary_fill may cause denial of service (LP: #246818)
    - debian/patches/954_CVE-2008-2376.patch: adjust array.c to properly check argument length
    - CVE-2008-2376
  * SECURITY UPDATE: denial of service via multiple long requests to a Ruby socket
    - debian/patches/955_CVE-2008-3443.patch: adjust regex.c to not use ruby managed memory and check for allocation failures
    - CVE-2008-3443
  * SECURITY UPDATE: denial of service via crafted HTTP request (LP: #257122)
    - debian/patches/956_CVE-2008-3656.patch: update webrick/httputils.rb to properly check paths ending with '.'
    - CVE-2008-3656
  * SECURITY UPDATE: predictable transaction id and source port for DNS requests (separate vulnerability from CVE-2008-1447)
    - debian/patches/957_CVE-2008-3905.patch: adjust resolv.rb to use SecureRandom for transaction id and source port
    - CVE-2008-3905
  * SECURITY UPDATE: safe level bypass via DL.dlopen
    - debian/patches/958_CVE-2008-3657.patch: adjust rb_str_to_ptr and rb_ary_to_ptr in ext/dl/dl.c and rb_dlsym_call in ext/dl/sym.c to propagate taint and check taintness of DLPtrData
    - CVE-2008-3657
  * SECURITY UPDATE: safe level bypass via multiple vectors
    - debian/patches/959_CVE-2008-3655.patch: use rb_secure(4) in variable.c and syslog.c, check for secure level 3 or higher in eval.c and make sure PROGRAM_NAME can't be modified
    - CVE-2008-3655

 -- Jamie Strandboge <email address hidden>  Thu, 09 Oct 2008 09:28:03 -0500
ruby1.8 (1.8.4-1ubuntu1.6) dapper-security; urgency=low

  * SECURITY UPDATE: denial of service via resource exhaustion in the REXML module (LP: #261459)
    - debian/patches/917_CVE-2008-3790.patch: adjust rexml/document.rb and rexml/entity.rb to use expansion limits
    - CVE-2008-3790
  * SECURITY UPDATE: integer overflow in rb_ary_fill may cause denial of service (LP: #246818)
    - debian/patches/918_CVE-2008-2376.patch: adjust array.c to properly check argument length
    - CVE-2008-2376
  * SECURITY UPDATE: denial of service via multiple long requests to a Ruby socket
    - debian/patches/919_CVE-2008-3443.patch: adjust regex.c to not use ruby managed memory and check for allocation failures
    - CVE-2008-3443
  * SECURITY UPDATE: denial of service via crafted HTTP request (LP: #257122)
    - debian/patches/920_CVE-2008-3656.patch: update webrick/httputils.rb to properly check paths ending with '.'
    - CVE-2008-3656
  * SECURITY UPDATE: predictable transaction id and source port for DNS requests (separate vulnerability from CVE-2008-1447)
    - debian/patches/921_CVE-2008-3905.patch: adjust resolv.rb to use SecureRandom for transaction id and source port
    - CVE-2008-3905
  * SECURITY UPDATE: safe level bypass via DL.dlopen
    - debian/patches/922_CVE-2008-3657.patch: adjust rb_str_to_ptr and rb_ary_to_ptr in ext/dl/dl.c and rb_dlsym_call in ext/dl/sym.c to propagate taint and check taintness of DLPtrData
    - CVE-2008-3657
  * SECURITY UPDATE: safe level bypass via multiple vectors
    - debian/patches/923_CVE-2008-3655.patch: use rb_secure(4) in variable.c and syslog.c, check for secure level 3 or higher in eval.c and make sure PROGRAM_NAME can't be modified
    - CVE-2008-3655

 -- Jamie Strandboge <email address hidden>  Thu, 09 Oct 2008 10:32:41 -0500
Available diffs
ruby1.8 (1.8.6.111-2ubuntu1.2) hardy-security; urgency=low * SECURITY UPDATE: denial of service via resource exhaustion in the REXML module (LP: #261459) - debian/patches/102_CVE-2008-3790.dpatch: adjust rexml/document.rb and rexml/entity.rb to use expansion limits - CVE-2008-3790 * SECURITY UPDATE: integer overflow in rb_ary_fill may cause denial of service (LP: #246818) - debian/patches/103_CVE-2008-2376.dpatch: adjust array.c to properly check argument length - CVE-2008-2376 * SECURITY UPDATE: denial of service via multiple long requests to a Ruby socket - debian/patches/104_CVE-2008-3443.dpatch: adjust regex.c to not use ruby managed memory and check for allocation failures - CVE-2008-3443 * SECURITY UPDATE: denial of service via crafted HTTP request (LP: #257122) - debian/patches/105_CVE-2008-3656.dpatch: update webrick/httputils.rb to properly check paths ending with '.' - CVE-2008-3656 * SECURITY UPDATE: predictable transaction id and source port for DNS requests (separate vulnerability from CVE-2008-1447) - debian/patches/106_CVE-2008-3905.dpatch: adjust resolv.rb to use SecureRandom for transaction id and source port - CVE-2008-3905 * SECURITY UPDATE: safe level bypass via DL.dlopen - debian/patches/107_CVE-2008-3657.dpatch: adjust rb_str_to_ptr and rb_ary_to_ptr in ext/dl/dl.c and rb_dlsym_call in ext/dl/sym.c to propagate taint and check taintness of DLPtrData - CVE-2008-3657 * SECURITY UPDATE: safe level bypass via multiple vectors - debian/patches/108_CVE-2008-3655.dpatch: use rb_secure(4) in variable.c and syslog.c, check for secure level 3 or higher in eval.c and make sure PROGRAM_NAME can't be modified - CVE-2008-3655 -- Jamie Strandboge <email address hidden> Tue, 07 Oct 2008 13:34:00 -0500
ruby1.8 (1.8.6.36-1ubuntu3.3) gutsy-security; urgency=low * SECURITY UPDATE: denial of service via resource exhaustion in the REXML module (LP: #261459) - debian/patches/103_CVE-2008-3790.dpatch: adjust rexml/document.rb and rexml/entity.rb to use expansion limits - CVE-2008-3790 * SECURITY UPDATE: integer overflow in rb_ary_fill may cause denial of service (LP: #246818) - debian/patches/104_CVE-2008-2376.dpatch: adjust array.c to properly check argument length - CVE-2008-2376 * SECURITY UPDATE: denial of service via multiple long requests to a Ruby socket - debian/patches/105_CVE-2008-3443.dpatch: adjust regex.c to not use ruby managed memory and check for allocation failures - CVE-2008-3443 * SECURITY UPDATE: denial of service via crafted HTTP request (LP: #257122) - debian/patches/106_CVE-2008-3656.dpatch: update webrick/httputils.rb to properly check paths ending with '.' - CVE-2008-3656 * SECURITY UPDATE: predictable transaction id and source port for DNS requests (separate vulnerability from CVE-2008-1447) - debian/patches/107_CVE-2008-3905.dpatch: adjust resolv.rb to use SecureRandom for transaction id and source port - CVE-2008-3905 * SECURITY UPDATE: safe level bypass via DL.dlopen - debian/patches/108_CVE-2008-3657.dpatch: adjust rb_str_to_ptr and rb_ary_to_ptr in ext/dl/dl.c and rb_dlsym_call in ext/dl/sym.c to propagate taint and check taintness of DLPtrData - CVE-2008-3657 * SECURITY UPDATE: safe level bypass via multiple vectors - debian/patches/109_CVE-2008-3655.dpatch: use rb_secure(4) in variable.c and syslog.c, check for secure level 3 or higher in eval.c and make sure PROGRAM_NAME can't be modified - CVE-2008-3655 -- Jamie Strandboge <email address hidden> Thu, 09 Oct 2008 08:47:35 -0500
ruby1.8 (1.8.7.72-1) unstable; urgency=high * New upstream release. - many patches in 1.8.7.22-4 were simply backported from upstream SVN, and are integrated into that release. We drop those: + 103_array_c_r17472_to_r17756.dpatch + 810_ruby187p22_fixes.dpatch + 811_multiple_vuln_200808.dpatch - Fixes the following security issues: (Closes: #494401) * Several vulnerabilities in safe level * DoS vulnerability in WEBrick * Lack of taintness check in dl * DNS spoofing vulnerability in resolv.rb (CVE-2008-1447) * Applied debian/patches/168_rexml_dos.dpatch: Fix CVE-2008-3790 (REXML expansion DOS). Closes: #496808.
Available diffs
- diff from 1.8.7.22-1 to 1.8.7.72-1 (34.4 KiB)
ruby1.8 (1.8.6.36-1ubuntu3.2) gutsy-security; urgency=low * SECURITY UPDATE: denial of service or arbitrary code execution via integer overflows and memory corruption * debian/patches/102_CVE-2008-2662+2663+2664+2725+2726.dpatch: update array.c to properly validate the size of an array. Update string.c and sprintf.c for proper bounds checking * References: CVE-2008-2662 CVE-2008-2663 CVE-2008-2664 CVE-2008-2725 CVE-2008-2726 LP: #241657 -- Jamie Strandboge <email address hidden> Wed, 25 Jun 2008 15:31:40 -0400
ruby1.8 (1.8.6.111-2ubuntu1.1) hardy-security; urgency=low * SECURITY UPDATE: denial of service or arbitrary code execution via integer overflows and memory corruption * debian/patches/101_CVE-2008-2662+2663+2664+2725+2726.dpatch: update array.c to properly validate the size of an array. Update string.c and sprintf.c for proper bounds checking * References: CVE-2008-2662 CVE-2008-2663 CVE-2008-2664 CVE-2008-2725 CVE-2008-2726 LP: #241657 -- Jamie Strandboge <email address hidden> Wed, 25 Jun 2008 15:50:50 -0400
ruby1.8 (1.8.5-4ubuntu2.2) feisty-security; urgency=low * SECURITY UPDATE: denial of service or arbitrary code execution via integer overflows and memory corruption * debian/patches/952_CVE-2008-2662+2663+2664+2725+2726.patch: update array.c to properly validate the size of an array. Update string.c and sprintf.c for proper bounds checking * References: CVE-2008-2662 CVE-2008-2663 CVE-2008-2664 CVE-2008-2725 CVE-2008-2726 LP: #241657 -- Jamie Strandboge <email address hidden> Wed, 25 Jun 2008 15:24:05 -0400
ruby1.8 (1.8.4-1ubuntu1.5) dapper-security; urgency=low * SECURITY UPDATE: denial of service or arbitrary code execution via integer overflows and memory corruption * debian/patches/916_CVE-2008-2662+2663+2664+2725+2726.patch: update array.c to properly validate the size of an array. Update string.c and sprintf.c for proper bounds checking. Also modify ruby.h for RARRAY_PTR macro (taken from 1.8.5-4ubuntu2) * References: CVE-2008-2662 CVE-2008-2663 CVE-2008-2664 CVE-2008-2725 CVE-2008-2726 LP: #241657 -- Jamie Strandboge <email address hidden> Wed, 25 Jun 2008 15:02:48 -0400
Superseded in intrepid-release
ruby1.8 (1.8.7.22-1) unstable; urgency=high * New upstream release. * Fixed vulnerability: arbitrary code execution vulnerability and so on (Closes: #487238) -- Ubuntu Archive Auto-Sync <email address hidden> Sat, 21 Jun 2008 23:16:43 +0100
Available diffs
- diff from 1.8.7.17-1 to 1.8.7.22-1 (11.9 KiB)
Superseded in intrepid-release
ruby1.8 (1.8.7.17-1) unstable; urgency=low * New upstream release. * removed patches that the upstream has included: - debian/patches/201_erb_187_release.dpatch - debian/patches/202_delegate_187_release.dpatch - debian/patches/203_openssl_ctx_r187_release.dpatch * debian/watch: it will report 1.8.\d-p\d* versions. -- Ubuntu Archive Auto-Sync <email address hidden> Tue, 17 Jun 2008 06:26:15 +0100
Available diffs
- diff from 1.8.7-2 to 1.8.7.17-1 (29.8 KiB)
ruby1.8 (1.8.7-2) unstable; urgency=low [ Daigo Moriwaki ] * applied debian/patches/201_erb_187_release.dpatch: - fixed a bug where tokens are not yielded one by one. - fixed a bug caused by strscan incompatibility. * applied debian/patches/202_delegate_187_release.dpatch: - fixed a bug caused by marshal.c incompatibility. [ Lucas Nussbaum ] * applied debian/patches/203_openssl_ctx_r187_release.dpatch: - might help with Debian bug #483974
Available diffs
- diff from 1.8.6.111-2ubuntu1 to 1.8.7-2 (713.8 KiB)
ruby1.8 (1.8.6.36-1ubuntu3.1) gutsy-security; urgency=low * SECURITY UPDATE: SSL connections did not check commonName early enough, possibly allowing sensitive information to be exposed. * debian/patches/100_CVE-2007-5162.dpatch: upstream fixes, from http://svn.ruby-lang.org/cgi-bin/viewvc.cgi?view=rev&revision=13499 * debian/patches/101_CVE-2007-5770.dpatch: upstream fixes, from http://svn.ruby-lang.org/cgi-bin/viewvc.cgi?view=rev&revision=13656 * References: CVE-2007-5162 CVE-2007-5770 (LP: #149616) -- Stephan Hermann <email address hidden> Tue, 13 Nov 2007 19:42:37 +0100
ruby1.8 (1.8.5-4ubuntu2.1) feisty-security; urgency=low * SECURITY UPDATE: SSL connections did not check commonName early enough, possibly allowing sensitive information to be exposed. * debian/patches/950_CVE-2007-5162.patch: upstream fixes, from http://svn.ruby-lang.org/cgi-bin/viewvc.cgi?view=rev&revision=13499 * debian/patches/951_CVE-2007-5770.patch: upstream fixes, from http://svn.ruby-lang.org/cgi-bin/viewvc.cgi?view=rev&revision=13656 * References: CVE-2007-5162 CVE-2007-5770 (LP: #149616) -- Stephan Hermann <email address hidden> Tue, 13 Nov 2007 19:42:37 +0100
ruby1.8 (1.8.4-5ubuntu1.3) edgy-security; urgency=low * SECURITY UPDATE: SSL connections did not check commonName early enough, possibly allowing sensitive information to be exposed. * debian/patches/915_CVE-2007-5162.patch: upstream fixes, from http://svn.ruby-lang.org/cgi-bin/viewvc.cgi?view=rev&revision=13499 * debian/patches/915_CVE-2007-5770.patch: upstream fixes, from http://svn.ruby-lang.org/cgi-bin/viewvc.cgi?view=rev&revision=13656 * References: CVE-2007-5162 CVE-2007-5770 (LP: #149616) -- Stephan Hermann <email address hidden> Tue, 13 Nov 2007 19:42:37 +0100
ruby1.8 (1.8.4-1ubuntu1.4) dapper-security; urgency=low * SECURITY UPDATE: SSL connections did not check commonName early enough, possibly allowing sensitive information to be exposed. * debian/patches/915_CVE-2007-5162.patch: upstream fixes, from http://svn.ruby-lang.org/cgi-bin/viewvc.cgi?view=rev&revision=13499 * debian/patches/915_CVE-2007-5770.patch: upstream fixes, from http://svn.ruby-lang.org/cgi-bin/viewvc.cgi?view=rev&revision=13656 * References: CVE-2007-5162 CVE-2007-5770 (LP: #149616) -- Stephan Hermann <email address hidden> Tue, 13 Nov 2007 19:42:37 +0100
ruby1.8 (1.8.6.111-2ubuntu1) hardy; urgency=low * Merge from debian unstable, remaining changes: - Adjust configure options for lpia. - add -g when build with noopt