-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Format: 1.7 Date: Tue, 09 Sep 2008 10:42:17 +0900 Source: ruby1.8 Binary: libtcltk-ruby1.8 libruby1.8-dbg rdoc1.8 libgdbm-ruby1.8 ruby1.8-dev ruby1.8-elisp ruby1.8-examples libdbm-ruby1.8 irb1.8 ruby1.8 libreadline-ruby1.8 libopenssl-ruby1.8 libruby1.8 ri1.8 Architecture: source i386 all Version: 1.8.5-4etch3 Distribution: stable-security Urgency: high Maintainer: akira yamada <akira@debian.org> Changed-By: akira yamada <akira@debian.org> Description: irb1.8 - Interactive Ruby (for Ruby 1.8) libdbm-ruby1.8 - DBM interface for Ruby 1.8 libgdbm-ruby1.8 - GDBM interface for Ruby 1.8 libopenssl-ruby1.8 - OpenSSL interface for Ruby 1.8 libreadline-ruby1.8 - Readline interface for Ruby 1.8 libruby1.8 - Libraries necessary to run Ruby 1.8 libruby1.8-dbg - Debugging symbols for Ruby 1.8 libtcltk-ruby1.8 - Tcl/Tk interface for Ruby 1.8 rdoc1.8 - Generate documentation from Ruby source files (for Ruby 1.8) ri1.8 - Ruby Interactive reference (for Ruby 1.8) ruby1.8 - Interpreter of object-oriented scripting language Ruby 1.8 ruby1.8-dev - Header files for compiling extension modules for the Ruby 1.8 ruby1.8-elisp - ruby-mode for Emacsen ruby1.8-examples - Examples for Ruby 1.8 Changes: ruby1.8 (1.8.5-4etch3) stable-security; urgency=high . * applied debian/patches/167_multiple_vuln_200808: backported fixes for multiple vulnerabilities issued at <http://www.ruby-lang.org/en/news/2008/08/08/multiple-vulnerabilities-in-ruby/> and <http://www.ruby-lang.org/en/news/2008/08/11/ruby-1-8-7-p72-and-1-8-6-p287-released/>. - untrace_var is permitted at safe level 4 (from v1_8_7_32) - $PROGRAM_NAME may be modified at safe level 4 (from v1_8_7_35) (CVE-2008-3655) - Insecure methods may be called at safe level 1-3 (from v1_8_7_33) - Syslog operations are permitted at safe level 4 (from v1_8_7_44) - DoS vulnerability in WEBrick (from v1_8_7_69) (CVE-2008-3656) - Lack of taintness check in dl (from v1_8_7_72) (CVE-2008-3657) - DNS spoofing vulnerability in resolv.rb (backported ressolv.rb and resolv-replace.rb from 1.8.7.22-p72) (CVE-2008-1447) * applied debian/patches/168_rexml_dos: backported r19033 of trunk of ruby svn repository which fixes REXML DoS vulnerablility (CVE-2008-3790) <http://www.ruby-lang.org/ja/news/2008/08/23/dos-vulnerability-in-rexml/>. Files: 4c7df61bd710db620b87ae0a3b98d388 1079 interpreters optional ruby1.8_1.8.5-4etch3.dsc f7c9366a3e04f00f5d4e7deb5d27eaf9 142603 interpreters optional ruby1.8_1.8.5-4etch3.diff.gz e3cef11245e5554bef15f5598df21a8f 219408 interpreters optional ruby1.8_1.8.5-4etch3_i386.deb aff183539b7a3ffb37078d263b4c0fc4 1534674 libs optional libruby1.8_1.8.5-4etch3_i386.deb 64201f397337b7478893c08afc261e00 999668 libdevel extra libruby1.8-dbg_1.8.5-4etch3_i386.deb 329bf36bc69b73ac908d6131e12a9933 719716 devel optional ruby1.8-dev_1.8.5-4etch3_i386.deb 56ccc12092d5296e8156c1bc4f411119 197598 interpreters optional libdbm-ruby1.8_1.8.5-4etch3_i386.deb e5df4a73eea74976f81949cfc085c722 198252 interpreters optional libgdbm-ruby1.8_1.8.5-4etch3_i386.deb 221e994fe9132b0121ae1c1aef4d1a71 197916 interpreters optional libreadline-ruby1.8_1.8.5-4etch3_i386.deb f839ef877cc1d905f20868ac29d8c6d6 1856646 interpreters optional libtcltk-ruby1.8_1.8.5-4etch3_i386.deb 2327aefddae4e2dd58e9387e36a3934c 293708 interpreters optional libopenssl-ruby1.8_1.8.5-4etch3_i386.deb e16a6c9adf8603359b5031e46185bf25 245020 interpreters optional ruby1.8-examples_1.8.5-4etch3_all.deb 1b5eefc0ee08f8224b14e9cc887c408e 211002 interpreters optional ruby1.8-elisp_1.8.5-4etch3_all.deb d8312745f5bf656d950323c6c9761e1e 1241006 interpreters optional ri1.8_1.8.5-4etch3_all.deb e321a815c462f98b404b8c1665d1b55f 310244 doc optional rdoc1.8_1.8.5-4etch3_all.deb 69142939deabd04310455bb13f288c66 235612 interpreters optional irb1.8_1.8.5-4etch3_all.deb -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.9 (GNU/Linux) iD8DBQFIxfNdXzkxpuIT8aARAoQQAJ0bevqX0YoMXMiKA922ymTZQWtqPACfUS5n oCwQu77niuqIr2o1GlPgRqs= =wMaR -----END PGP SIGNATURE----- Accepted: irb1.8_1.8.5-4etch3_all.deb to pool/main/r/ruby1.8/irb1.8_1.8.5-4etch3_all.deb libdbm-ruby1.8_1.8.5-4etch3_i386.deb to pool/main/r/ruby1.8/libdbm-ruby1.8_1.8.5-4etch3_i386.deb libgdbm-ruby1.8_1.8.5-4etch3_i386.deb to pool/main/r/ruby1.8/libgdbm-ruby1.8_1.8.5-4etch3_i386.deb libopenssl-ruby1.8_1.8.5-4etch3_i386.deb to pool/main/r/ruby1.8/libopenssl-ruby1.8_1.8.5-4etch3_i386.deb libreadline-ruby1.8_1.8.5-4etch3_i386.deb to pool/main/r/ruby1.8/libreadline-ruby1.8_1.8.5-4etch3_i386.deb libruby1.8-dbg_1.8.5-4etch3_i386.deb to pool/main/r/ruby1.8/libruby1.8-dbg_1.8.5-4etch3_i386.deb libruby1.8_1.8.5-4etch3_i386.deb to pool/main/r/ruby1.8/libruby1.8_1.8.5-4etch3_i386.deb libtcltk-ruby1.8_1.8.5-4etch3_i386.deb to pool/main/r/ruby1.8/libtcltk-ruby1.8_1.8.5-4etch3_i386.deb rdoc1.8_1.8.5-4etch3_all.deb to pool/main/r/ruby1.8/rdoc1.8_1.8.5-4etch3_all.deb ri1.8_1.8.5-4etch3_all.deb to pool/main/r/ruby1.8/ri1.8_1.8.5-4etch3_all.deb ruby1.8-dev_1.8.5-4etch3_i386.deb to pool/main/r/ruby1.8/ruby1.8-dev_1.8.5-4etch3_i386.deb ruby1.8-elisp_1.8.5-4etch3_all.deb to pool/main/r/ruby1.8/ruby1.8-elisp_1.8.5-4etch3_all.deb ruby1.8-examples_1.8.5-4etch3_all.deb to pool/main/r/ruby1.8/ruby1.8-examples_1.8.5-4etch3_all.deb ruby1.8_1.8.5-4etch3.diff.gz to pool/main/r/ruby1.8/ruby1.8_1.8.5-4etch3.diff.gz ruby1.8_1.8.5-4etch3.dsc to pool/main/r/ruby1.8/ruby1.8_1.8.5-4etch3.dsc ruby1.8_1.8.5-4etch3_i386.deb to pool/main/r/ruby1.8/ruby1.8_1.8.5-4etch3_i386.deb