lp:ubuntu/lucid-security/ruby1.8

Created by Ubuntu Package Importer and last modified
Get this branch:
bzr branch lp:ubuntu/lucid-security/ruby1.8

Branch information

Owner:
Ubuntu branches
Review team:
Ubuntu Development Team
Status:
Mature

Recent revisions

35. By Tyler Hicks

* SECURITY UPDATE: Cross-site scripting via HTTP error responses
  - debian/patches/CVE-2010-0541.patch: Use the ISO-8859-1 character
    set for HTTP error responses. Based on upstream patch.
  - CVE-2010-0541
* SECURITY UPDATE: Arbitrary code execution and denial of service
  - debian/patches/CVE-2011-0188.patch: Remove cast to prevent memory
    corruption during allocation. Based on upstream patch.
  - CVE-2011-0188
* SECURITY UPDATE: Arbitrary file deletion due to symlink race
  - debian/patches/CVE-2011-1004.patch: Unlink the symlink rather
    than recursively removing everything underneath the symlink
    destination. Based on upstream patch.
  - CVE-2011-1004
* SECURITY UPDATE: Safe level bypass
  - debian/patches/CVE-2011-1005.patch: Remove incorrect string taint
    in exception handling methods. Based on upstream patch.
  - CVE-2011-1005
* SECURITY UPDATE: Predictable random number generation
  - debian/patches/CVE-2011-2686.patch: Reseed the random number
    generator each time a child process is created. Based on upstream
    patch.
  - CVE-2011-2686
* SECURITY UPDATE: Predictable random number generation
  - debian/patches/CVE-2011-2705.patch: Reseed the random number
    generator with the pid number and the current time to prevent
    predictable random numbers in the case of pid number rollover. Based on
    upstream patch.
  - CVE-2011-2705
* SECURITY UPDATE: Denial of service via crafted hash table keys
  - debian/patches/CVE-2011-4815.patch: Add randomness to the key hashing
    algorithm to prevent predictable results when inserting objects into a
    hash table. Based on upstream patch.
  - CVE-2011-4815

34. By Lucas Nussbaum

Add 100312_timeout-fix.dpatch: Backport upstream change to fix
problem with threads and timeouts. Closes: #539987

33. By Martin Pitt

Move libreadline5-dev build dependency to libreadline-dev, to build
against libreadline6. (Debian #553843)

32. By daigo

* New upstream release.
* The upstream has fixed a vulnerability in WEBrick, a part of Ruby's
  standard library. WEBrick lets attackers inject malicious escape
  sequences to its logs, making it possible for dangerous control characters
  to be executed on a victim's terminal emulator.

31. By daigo

Added debian/patches/091125_gc_check.dpatch: applied Bryan's patch to fix
garbage collector seg faults under race conditions. (upstream issue #2326)
Thanks to Bryan McLellan. (Closes: #557924)

30. By daigo

[ akira yamada ]
* Added debian/patches/090811_thread_and_select.dpatch: threads may hang up
  when IO.select is called from two or more threads.
* Added debian/patches/090812_finalizer_at_exit.dpatch: finalizers should be
  run at exit (Closes: #534241)
* Added debian/patches/090812_class_clone_segv.dpatch: avoid segv when an
  object is cloned. (Closes: #533329)
* Added debian/patches/090812_eval_long_exp_segv.dpatch: fix segv when eval
  a long expression. (Closes: #510561)
* Added debian/patches/090812_openssl_x509_warning.dpatch: suppress warning
  from OpenSSL::X509::ExtensionFactory. (Closes: #489443)

[ Lucas Nussbaum ]
* Removed Fumitoshi UKAI <email address hidden> from Uploaders. Thanks a
  lot for the past help! Closes: #541037

[ Daigo Moriwaki ]
* debian/fixshebang.sh: skip non-text files, which works around hanging of
  sed on scanning gif images.
* Bumped up Standards-Version to 3.8.2.

29. By daigo

New upstream release.

28. By daigo

[ akira yamada ]
* Added debian/patches/090811_thread_and_select.dpatch: threads may hang up
  when IO.select is called from two or more threads.
* Added debian/patches/090812_finalizer_at_exit.dpatch: finalizers should be
  run at exit (Closes: #534241)
* Added debian/patches/090812_class_clone_segv.dpatch: avoid segv when an
  object is cloned. (Closes: #533329)
* Added debian/patches/090812_eval_long_exp_segv.dpatch: fix segv when eval
  a long expression. (Closes: #510561)
* Added debian/patches/090812_openssl_x509_warning.dpatch: suppress warning
  from OpenSSL::X509::ExtensionFactory. (Closes: #489443)

[ Lucas Nussbaum ]
* Removed Fumitoshi UKAI <email address hidden> from Uploaders. Thanks a
  lot for the past help! Closes: #541037

[ Daigo Moriwaki ]
* debian/fixshebang.sh: skip non-text files, which works around hanging of
  sed on scanning gif images.
* Bumped up Standards-Version to 3.8.2.

27. By daigo

New upstream release.

26. By daigo

* New upstream release.
* removed unnecessary patches under debian/patches:
  - 168_rexml_dos.dpatch
  - 801_update_sample_README
  - 807_sync_try_lock_always_fail.dpatch
  - 905_class_dup_should_copy_constants.dpatch
  - 090301_r22646_OCSP_basic_verify.dpatch
* Added a patch: debian/patches/090613_exclude_rdoc.dpatch
* Added debian/libopenssl-ruby1.8.lintian-overrides
* The upstream has fixed the DoS vulnerability in BigDecimal Ruby
  Library (CVE-2009-1904; Closes: #532689)
* debian/control:
  - Bumped up Standards-Version to 3.8.1.
  - Corrected sections.

Branch metadata

Branch format:
Branch format 7
Repository format:
Bazaar repository format 2a (needs bzr 1.16 or later)
Stacked on:
lp:ubuntu/precise/ruby1.8