UbuntuUpdates.org

Package "ruby1.9.1-dev"

Name: ruby1.9.1-dev

Description:

Header files for compiling extension modules for the Ruby 1.9.1

Latest version: 1.9.3.0-1ubuntu2.10
Release: precise (12.04)
Level: security
Repository: main
Head package: ruby1.9.1
Homepage: http://www.ruby-lang.org/


Other versions of "ruby1.9.1-dev" in Precise

Repository                           Area  Version
base                                 main  1.9.3.0-1ubuntu1
updates                              main  1.9.3.0-1ubuntu2.10
PPA: Brightbox Ruby NG Experimental        1:1.9.3.551-2bbox1~precise1

Changelog

Version: 1.9.3.0-1ubuntu2.10 2014-11-20 17:06:32 UTC

  ruby1.9.1 (1.9.3.0-1ubuntu2.10) precise-security; urgency=medium

  * SECURITY UPDATE: denial of service via XML expansion
    - debian/patches/CVE-2014-8090.patch: add REXML::Document#document
      to lib/rexml/document.rb, add warning to lib/rexml/entity.rb, added
      tests to test/rexml/test_document.rb.
    - CVE-2014-8090
 -- Marc Deslauriers <email address hidden> Wed, 19 Nov 2014 15:31:09 -0500

CVE-2014-8090 Incomplete fix for CVE-2014-8080

Version: 1.9.3.0-1ubuntu2.9 2014-11-04 20:06:50 UTC

  ruby1.9.1 (1.9.3.0-1ubuntu2.9) precise-security; urgency=medium

  * SECURITY UPDATE: denial of service via buffer overrun in encodes
    function
    - debian/patches/CVE-2014x-4975.patch: properly calculate buffer size
      in pack.c.
    - CVE-2014-4975
  * SECURITY UPDATE: denial of service via XML expansion
    - debian/patches/CVE-2014-8080.patch: limit expansions in
      lib/rexml/entity.rb, added tests to test/rexml/test_document.rb,
      test/rexml/test_entity.rb.
    - CVE-2014-8080
 -- Marc Deslauriers <email address hidden> Mon, 03 Nov 2014 09:52:54 -0500

CVE-2014-4975 ruby pack.c buffer overrun
CVE-2014-8080 Denial Of Service XML Expansion

Version: 1.9.3.0-1ubuntu2.8 2013-11-27 17:06:55 UTC

  ruby1.9.1 (1.9.3.0-1ubuntu2.8) precise-security; urgency=low

  * SECURITY UPDATE: safe level restriction bypass via DL and Fiddle
    - debian/patches/CVE-2013-2065.patch: perform taint checking in
      ext/dl/lib/dl/func.rb, ext/fiddle/function.c.
    - CVE-2013-2065
  * SECURITY UPDATE: denial of service and possible code execution via
    heap overflow in floating point parsing.
    - debian/patches/CVE-2013-4164.patch: check lengths in util.c, added
      test to test/ruby/test_float.rb.
    - CVE-2013-4164
 -- Marc Deslauriers <email address hidden> Tue, 26 Nov 2013 12:54:01 -0500

CVE-2013-2065 RESERVED
CVE-2013-4164 Heap Overflow in Floating Point Parsing

Version: 1.9.3.0-1ubuntu2.7 2013-07-09 16:06:54 UTC

  ruby1.9.1 (1.9.3.0-1ubuntu2.7) precise-security; urgency=low

  * SECURITY UPDATE: incorrect ssl hostname verification
    - debian/patches/CVE-2013-4073.patch: fix hostname check and regression
      in ext/openssl/lib/openssl/ssl-internal.rb, added test to
      test/openssl/test_ssl.rb.
    - CVE-2013-4073
 -- Marc Deslauriers <email address hidden> Mon, 08 Jul 2013 13:04:38 -0400

CVE-2013-4073 Hostname check bypassing vulnerability in SSL client

Version: 1.9.3.0-1ubuntu2.6 2013-03-25 18:06:59 UTC

  ruby1.9.1 (1.9.3.0-1ubuntu2.6) precise-security; urgency=low

  * SECURITY UPDATE: REXML entity expansion DoS
    - debian/patches/CVE-2013-1821.patch: set an expansion limit in
      lib/rexml/document.rb, lib/rexml/text.rb, added test to
      test/rexml/test_entity.rb.
    - Patch taken from Debian's 1.9.3.194-8.1
    - CVE-2013-1821
 -- Marc Deslauriers <email address hidden> Fri, 22 Mar 2013 13:50:42 -0400

CVE-2013-1821 entity expansion DoS vulnerability in REXML