UbuntuUpdates.org

Package "ruby1.8"

Name: ruby1.8

Description:

This package is just an umbrella for a group of other packages; it has no description of its own.
Description samples from packages in group:

  • Tcl/Tk interface for Ruby 1.8
  • Ruby Interactive reference (for Ruby 1.8)
  • Ruby 1.8 full installation

Latest version: 1.8.7.352-2ubuntu1.6
Release: precise (12.04)
Level: security
Repository: universe

Other versions of "ruby1.8" in Precise

Repository                           Area      Version
base                                 universe  1.8.7.352-2ubuntu1
base                                 main      1.8.7.352-2ubuntu1
security                             main      1.8.7.352-2ubuntu1.6
updates                              universe  1.8.7.352-2ubuntu1.6
updates                              main      1.8.7.352-2ubuntu1.6
PPA: Brightbox Ruby NG Experimental            1:1.8.7.376-1bbox5~ubuntu12.04.1~ppa1

Changelog

Version: 1.8.7.352-2ubuntu1.6 2014-11-20 17:06:32 UTC

  ruby1.8 (1.8.7.352-2ubuntu1.6) precise-security; urgency=medium

  * SECURITY UPDATE: denial of service via XML expansion
    - debian/patches/CVE-2014-8090.patch: add REXML::Document#document
      to lib/rexml/document.rb, add warning to lib/rexml/entity.rb, added
      tests to test/rexml/test_document.rb.
    - CVE-2014-8090
 -- Marc Deslauriers <email address hidden> Wed, 19 Nov 2014 15:39:16 -0500

CVE-2014-8090 Incomplete fix for CVE-2014-8080

Version: 1.8.7.352-2ubuntu1.5 2014-11-04 20:06:51 UTC

  ruby1.8 (1.8.7.352-2ubuntu1.5) precise-security; urgency=medium

  * SECURITY UPDATE: denial of service via XML expansion
    - debian/patches/CVE-2014-8080.patch: limit expansions in
      lib/rexml/entity.rb, added tests to test/rexml/test_document.rb.
    - CVE-2014-8080
 -- Marc Deslauriers <email address hidden> Fri, 31 Oct 2014 13:13:25 -0400

CVE-2014-8080 Denial Of Service XML Expansion

Version: 1.8.7.352-2ubuntu1.4 2013-11-27 17:06:52 UTC

  ruby1.8 (1.8.7.352-2ubuntu1.4) precise-security; urgency=low

  * SECURITY UPDATE: denial of service and possible code execution via
    heap overflow in floating point parsing.
    - debian/patches/CVE-2013-4164.patch: check lengths in util.c.
    - CVE-2013-4164
 -- Marc Deslauriers <email address hidden> Tue, 26 Nov 2013 09:09:41 -0500

CVE-2013-4164 Heap Overflow in Floating Point Parsing

Version: 1.8.7.352-2ubuntu1.3 2013-07-09 16:06:58 UTC

  ruby1.8 (1.8.7.352-2ubuntu1.3) precise-security; urgency=low

  * SECURITY UPDATE: incorrect ssl hostname verification
    - debian/patches/CVE-2013-4073.patch: fix hostname check and regression
      in ext/openssl/lib/openssl/ssl-internal.rb, added test to
      test/openssl/test_ssl.rb.
    - CVE-2013-4073
 -- Marc Deslauriers <email address hidden> Mon, 08 Jul 2013 10:17:35 -0400

CVE-2013-4073 Hostname check bypassing vulnerability in SSL client

Version: 1.8.7.352-2ubuntu1.2 2013-03-25 18:06:56 UTC

  ruby1.8 (1.8.7.352-2ubuntu1.2) precise-security; urgency=low

  * SECURITY UPDATE: REXML entity expansion DoS
    - debian/patches/CVE-2013-1821.patch: set an expansion limit in
      lib/rexml/document.rb, lib/rexml/text.rb, added test to
      test/rexml/test_document.rb.
    - Patch taken from Debian's 1.8.7.358-7
    - CVE-2013-1821
 -- Marc Deslauriers <email address hidden> Fri, 22 Mar 2013 14:52:43 -0400

CVE-2013-1821 entity expansion DoS vulnerability in REXML


