Package "ruby1.9.1"
Name: ruby1.9.1
Description: This package is just an umbrella for a group of other packages, it has no description. Description samples from packages in group:
- Tcl/Tk interface for Ruby 1.9.1
- Ruby Interactive reference (for Ruby 1.9.1)
- Ruby 1.9.1 full installation
- Interpreter of object-oriented scripting language Ruby, version 1.9.3
Latest version: 1.9.3.0-1ubuntu2.10
Release: precise (12.04)
Level: updates
Repository: universe
Changelog
ruby1.9.1 (1.9.3.0-1ubuntu2.5) precise-security; urgency=low
* SECURITY UPDATE: denial of service via hash collisions
- debian/patches/20121120-cve-2012-5371.diff: replace hash
implementation in common.mk, random.c, siphash.*, string.c.
- CVE-2012-5371
* SECURITY UPDATE: xss in documents generated by rdoc
- debian/patches/CVE-2013-0256.patch: fix xss in
lib/rdoc/generator/template/darkfish/js/darkfish.js.
- CVE-2013-0256
* SECURITY UPDATE: DoS and unsafe object creation via JSON
- debian/patches/CVE-2013-0269.patch: fix JSON parsing in
ext/json/lib/json/add/core.rb, ext/json/lib/json/common.rb,
ext/json/parser/parser.c, ext/json/parser/parser.rl,
test/json/test_json.rb, test/json/test_json_addition.rb,
test/json/test_json_string_matching.rb.
- CVE-2013-0269
* Patches taken from Debian 1.9.3.194-7 package.
-- Marc Deslauriers <email address hidden> Fri, 15 Feb 2013 09:39:19 -0500
CVE-2012-5371: Ruby (aka CRuby) 1.9 before 1.9.3-p327 and 2.0 before r37575 computes hash values without properly restricting the ability to trigger hash collisions
CVE-2013-0256: XSS exploit of RDoc documentation generated by rdoc
CVE-2013-0269: The JSON gem 1.7.x before 1.7.7, 1.6.x before 1.6.8, and 1.5.x before 1.5.5 allows remote attackers to cause a denial of service (resource consumptio

ruby1.9.1 (1.9.3.0-1ubuntu2.4) precise-security; urgency=low
* SECURITY UPDATE: Missing input sanitization of file paths
- debian/patches/CVE-2012-4522.patch: NUL characters are not
valid filename characters, so ensure that Ruby strings used for file
paths do not contain NUL characters. Based on upstream patch.
-- Tyler Hicks <email address hidden> Tue, 16 Oct 2012 09:39:05 -0700
CVE-2012-4522: ruby Unintentional file creation caused by inserting an illegal NUL character

ruby1.9.1 (1.9.3.0-1ubuntu2.3) precise-security; urgency=low
* SECURITY UPDATE: Safe level bypass
- debian/patches/CVE-2012-4464_CVE-2012-4466.patch: Remove incorrect
string taint in exception handling methods. Based on upstream patch.
- CVE-2012-4464
- CVE-2012-4466
* debian/patches/CVE-2011-1005.patch: Drop since ruby1.9.x is technically
not affected by CVE-2011-1005. CVE-2012-4464 is the id assigned to the
vulnerability in the ruby1.9.x branch.
-- Tyler Hicks <email address hidden> Fri, 05 Oct 2012 16:28:05 -0700
CVE-2011-1005: The safe-level feature in Ruby 1.8.6 through 1.8.6-420, 1.8.7 through 1.8.7-330, and 1.8.8dev allows context-dependent attackers to modify strings via

ruby1.9.1 (1.9.3.0-1ubuntu2.2) precise-security; urgency=low
* SECURITY UPDATE: Safe level bypass
- debian/patches/CVE-2011-1005.patch: Remove incorrect string taint
in exception handling methods. Based on upstream patch.
- CVE-2011-1005
* SECURITY UPDATE: Add proper handling of rubygems SSL connections
- debian/patches/CVE-2012-2125-2126.patch: Perform certificate
verification and disallow HTTP->HTTPS redirection. Based on upstream
patch.
- CVE-2012-2125
- CVE-2012-2126
* debian/control: Add ca-certificates to libruby1.9.1 depends so that
rubygems can perform certificate verification
-- Tyler Hicks <email address hidden> Mon, 24 Sep 2012 09:31:38 -0700
CVE-2011-1005: The safe-level feature in Ruby 1.8.6 through 1.8.6-420, 1.8.7 through 1.8.7-330, and 1.8.8dev allows context-dependent attackers to modify strings via

ruby1.9.1 (1.9.3.0-1ubuntu2) precise; urgency=low
* Revert the previous upload, re-enabling the testsuite on ARM,
which should now work as we're rebuilding against a version
of eglibc with a working getcontext/setcontext (LP: #1021604)
-- Adam Conrad <email address hidden> Fri, 06 Jul 2012 00:42:46 -0600
1021604: ruby uses broken internal get/setcontext routines ...