Branches for Lucid

Name Status Last Modified Last Commit
lp:ubuntu/lucid/ruby1.9 bug 1 Development 2010-02-22 22:21:02 UTC
26. * SECURITY UPDATE: arbitrary code exe...

Author: Marc Deslauriers
Revision Date: 2010-02-22 16:34:02 UTC

* SECURITY UPDATE: arbitrary code execution via string operations
  - debian/patches/932_CVE-2009-4124.dpatch: calculate lengths properly
    in string.c, add test in test/ruby/test_string.rb.
  - CVE-2009-4124
* SECURITY UPDATE: incorrect log file sanitation in WEBrick (LP: #509392)
  - debian/patches/933_CVE-2009-4492.dpatch: properly escape in
    lib/webrick/{accesslog.rb,httprequest.rb,httpstatus.rb,httputils.rb},
    add test to test/webrick/test_cgi.rb.
  - CVE-2009-4492
* SECURITY UPDATE: denial of service in BigDecimal library via string
  argument that represents a large number (LP: #385436)
  - debian/patches/934_CVE-2009-1904.dpatch: handle large numbers
    properly in ext/bigdecimal/bigdecimal.c.
  - CVE-2009-1904
