UbuntuUpdates.org

Package "ruby1.9.1-full"

Name: ruby1.9.1-full

Description:

Ruby 1.9.1 full installation

Latest version: 1.9.3.0-1ubuntu2.10
Release: precise (12.04)
Level: updates
Repository: universe
Head package: ruby1.9.1
Homepage: http://www.ruby-lang.org/

Other versions of "ruby1.9.1-full" in Precise

Repository Area Version
base universe 1.9.3.0-1ubuntu1
security universe 1.9.3.0-1ubuntu2.10
PPA: Brightbox Ruby NG Experimental 1.9.2.180-5bbox1

Changelog

Version: 1.9.3.0-1ubuntu2.5 2013-02-21 15:06:51 UTC

  ruby1.9.1 (1.9.3.0-1ubuntu2.5) precise-security; urgency=low

  * SECURITY UPDATE: denial of service via hash collisions
    - debian/patches/20121120-cve-2012-5371.diff: replace hash
      implementation in common.mk, random.c, siphash.*, string.c.
    - CVE-2012-5371
  * SECURITY UPDATE: xss in documents generated by rdoc
    - debian/patches/CVE-2013-0256.patch: fix xss in
      lib/rdoc/generator/template/darkfish/js/darkfish.js.
    - CVE-2013-0256
  * SECURITY UPDATE: DoS and unsafe object creation via JSON
    - debian/patches/CVE-2013-0269.patch: fix JSON parsing in
      ext/json/lib/json/add/core.rb, ext/json/lib/json/common.rb,
      ext/json/parser/parser.c, ext/json/parser/parser.rl,
      test/json/test_json.rb, test/json/test_json_addition.rb,
      test/json/test_json_string_matching.rb.
    - CVE-2013-0269
  * Patches taken from Debian 1.9.3.194-7 package.
 -- Marc Deslauriers <email address hidden> Fri, 15 Feb 2013 09:39:19 -0500

Source diff to previous version
CVE-2012-5371 Ruby (aka CRuby) 1.9 before 1.9.3-p327 and 2.0 before r37575 computes hash values without properly restricting the ability to trigger hash collisions
CVE-2013-0256 XSS exploit of RDoc documentation generated by rdoc
CVE-2013-0269 The JSON gem 1.7.x before 1.7.7, 1.6.x before 1.6.8, and 1.5.x before 1.5.5 allows remote attackers to cause a denial of service (resource consumptio

Version: 1.9.3.0-1ubuntu2.4 2012-10-23 01:06:47 UTC

  ruby1.9.1 (1.9.3.0-1ubuntu2.4) precise-security; urgency=low

  * SECURITY UPDATE: Missing input sanitization of file paths
    - debian/patches/CVE-2012-4522.patch: NUL characters are not
      valid filename characters, so ensure that Ruby strings used for file
      paths do not contain NUL characters. Based on upstream patch.
 -- Tyler Hicks <email address hidden> Tue, 16 Oct 2012 09:39:05 -0700

Source diff to previous version
CVE-2012-4522 ruby Unintentional file creation caused by inserting an illegal NUL character

Version: 1.9.3.0-1ubuntu2.3 2012-10-10 23:07:20 UTC

  ruby1.9.1 (1.9.3.0-1ubuntu2.3) precise-security; urgency=low

  * SECURITY UPDATE: Safe level bypass
    - debian/patches/CVE-2012-4464_CVE-2012-4466.patch: Remove incorrect
      string taint in exception handling methods. Based on upstream patch.
    - CVE-2012-4464
    - CVE-2012-4466
  * debian/patches/CVE-2011-1005.patch: Drop since ruby1.9.x is technically
    not affected by CVE-2011-1005. CVE-2012-4464 is the id assigned to the
    vulnerability in the ruby1.9.x branch.
 -- Tyler Hicks <email address hidden> Fri, 05 Oct 2012 16:28:05 -0700

Source diff to previous version
CVE-2011-1005 The safe-level feature in Ruby 1.8.6 through 1.8.6-420, 1.8.7 through 1.8.7-330, and 1.8.8dev allows context-dependent attackers to modify strings via

Version: 1.9.3.0-1ubuntu2.2 2012-09-26 03:06:54 UTC

  ruby1.9.1 (1.9.3.0-1ubuntu2.2) precise-security; urgency=low

  * SECURITY UPDATE: Safe level bypass
    - debian/patches/CVE-2011-1005.patch: Remove incorrect string taint
      in exception handling methods. Based on upstream patch.
    - CVE-2011-1005
  * SECURITY UPDATE: Add proper handling of rubygems SSL connections
    - debian/patches/CVE-2012-2125-2126.patch: Perform certificate
      verification and disallow HTTP->HTTPS redirection. Based on upstream
      patch.
    - CVE-2012-2125
    - CVE-2012-2126
  * debian/control: Add ca-certificates to libruby1.9.1 depends so that
    rubygems can perform certificate verification
 -- Tyler Hicks <email address hidden> Mon, 24 Sep 2012 09:31:38 -0700

Source diff to previous version
CVE-2011-1005 The safe-level feature in Ruby 1.8.6 through 1.8.6-420, 1.8.7 through 1.8.7-330, and 1.8.8dev allows context-dependent attackers to modify strings via

Version: 1.9.3.0-1ubuntu2 2012-07-16 04:06:54 UTC

  ruby1.9.1 (1.9.3.0-1ubuntu2) precise; urgency=low

  * Revert the previous upload, re-enabling the testsuite on ARM,
    which should now work as we're rebuilding against a version
    of eglibc with a working getcontext/setcontext (LP: #1021604)
 -- Adam Conrad <email address hidden> Fri, 06 Jul 2012 00:42:46 -0600

1021604 ruby uses broken internal get/setcontext routines ...


