lp:ubuntu/lucid-security/ruby1.8
- Get this branch:
- bzr branch lp:ubuntu/lucid-security/ruby1.8
Recent revisions
- 35. By Tyler Hicks
-
* SECURITY UPDATE: Cross-site scripting via HTTP error responses
- debian/patches/CVE-2010-0541.patch: Use the ISO-8859-1 character
set for HTTP error responses. Based on upstream patch.
- CVE-2010-0541
* SECURITY UPDATE: Arbitrary code execution and denial of service
- debian/patches/CVE-2011-0188.patch: Remove cast to prevent memory
corruption during allocation. Based on upstream patch.
- CVE-2011-0188
* SECURITY UPDATE: Arbitrary file deletion due to symlink race
- debian/patches/CVE-2011-1004.patch: Unlink the symlink rather
than recursively removing everything underneath the symlink
destination. Based on upstream patch.
- CVE-2011-1004
* SECURITY UPDATE: Safe level bypass
- debian/patches/CVE-2011-1005.patch: Remove incorrect string taint
in exception handling methods. Based on upstream patch.
- CVE-2011-1005
* SECURITY UPDATE: Predictable random number generation
- debian/patches/CVE-2011-2686.patch: Reseed the random number
generator each time a child process is created. Based on upstream
patch.
- CVE-2011-2686
* SECURITY UPDATE: Predictable random number generation
- debian/patches/CVE-2011-2705.patch: Reseed the random number
generator with the pid number and the current time to prevent
predictable random numbers in the case of pid number rollover. Based on
upstream patch.
- CVE-2011-2705
* SECURITY UPDATE: Denial of service via crafted hash table keys
- debian/patches/CVE-2011-4815.patch: Add randomness to the key hashing
algorithm to prevent predictable results when inserting objects into a
hash table. Based on upstream patch.
- CVE-2011-4815
- 34. By Lucas Nussbaum
-
Add 100312_timeout-fix.dpatch: Backport upstream change to fix
problem with threads and timeouts. Closes: #539987
- 33. By Martin Pitt
-
Move libreadline5-dev build dependency to libreadline-dev, to build
against libreadline6. (Debian #553843)
- 32. By daigo
-
* New upstream release.
* The upstream has fixed a vulnerability in WEBrick, a part of Ruby's
standard library. WEBrick lets attackers inject malicious escape
sequences to its logs, making it possible for dangerous control characters
to be executed on a victim's terminal emulator.
- 31. By daigo
-
Added debian/patches/091125_gc_check.dpatch: applied Bryan's patch to fix
garbage collector seg faults under race conditions. (upstream issue #2326)
Thanks to Bryan McLellan. (Closes: #557924)
- 30. By daigo
-
[ akira yamada ]
* Added debian/patches/090811_thread_and_select.dpatch: threads may hangup
when IO.select called from two or more threads.
* Added debian/patches/090812_finalizer_at_exit.dpatch: finalizers should be
run at exit (Closes: #534241)
* Added debian/patches/090812_class_clone_segv.dpatch: avoid segv when an
object cloned. (Closes: #533329)
* Added debian/patches/090812_eval_long_exp_segv.dpatch: fix segv when eval
a long expression. (Closes: #510561)
* Added debian/patches/090812_openssl_x509_warning.dpatch: suppress warning
from OpenSSL::X509::ExtensionFactory. (Closes: #489443)
[ Lucas Nussbaum ]
* Removed Fumitoshi UKAI <email address hidden> from Uploaders. Thanks a
lot for the past help! Closes: #541037
[ Daigo Moriwaki ]
* debian/fixshebang.sh: skip non-text files, which works around hanging of
sed on scanning gif images.
* Bumped up Standards-Version to 3.8.2.
- 28. By daigo
-
[ akira yamada ]
* Added debian/patches/090811_thread_and_select.dpatch: threads may hangup
when IO.select called from two or more threads.
* Added debian/patches/090812_finalizer_at_exit.dpatch: finalizers should be
run at exit (Closes: #534241)
* Added debian/patches/090812_class_clone_segv.dpatch: avoid segv when an
object cloned. (Closes: #533329)
* Added debian/patches/090812_eval_long_exp_segv.dpatch: fix segv when eval
a long expression. (Closes: #510561)
* Added debian/patches/090812_openssl_x509_warning.dpatch: suppress warning
from OpenSSL::X509::ExtensionFactory. (Closes: #489443)
[ Lucas Nussbaum ]
* Removed Fumitoshi UKAI <email address hidden> from Uploaders. Thanks a
lot for the past help! Closes: #541037
[ Daigo Moriwaki ]
* debian/fixshebang.sh: skip non-text files, which works around hanging of
sed on scanning gif images.
* Bumped up Standards-Version to 3.8.2.
- 26. By daigo
-
* New upstream release.
* removed unnecessary patches under debian/patches:
- 168_rexml_dos.dpatch
- 801_update_sample_README
- 807_sync_try_lock_always_fail.dpatch
- 905_class_dup_should_copy_constants.dpatch
- 090301_r22646_OCSP_basic_verify.dpatch
* Added a patch: debian/patches/090613_exclude_rdoc.dpatch
* Added debian/libopenssl-ruby1.8.lintian-overrides
* The upstream has fixed the DoS vulnerability in BigDecimal Ruby
Library (CVE-2009-1904; Closes: #532689)
* debian/control:
- Bumped up Standards-Version to 3.8.1.
- Corrected sections.
Branch metadata
- Branch format:
- Branch format 7
- Repository format:
- Bazaar repository format 2a (needs bzr 1.16 or later)
- Stacked on:
- lp:ubuntu/precise/ruby1.8