-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Fri, 21 Nov 2014 13:57:49 +0100 Source: ruby1.8 Binary: ruby1.8 libruby1.8 libruby1.8-dbg ruby1.8-dev libtcltk-ruby1.8 ruby1.8-examples ruby1.8-elisp ri1.8 Architecture: source all amd64 Version: 1.8.7.302-2squeeze3 Distribution: squeeze-lts Urgency: medium Maintainer: akira yamada <akira@debian.org> Changed-By: Holger Levsen <holger@debian.org> Description: libruby1.8 - Libraries necessary to run Ruby 1.8 libruby1.8-dbg - Debugging symbols for Ruby 1.8 libtcltk-ruby1.8 - Tcl/Tk interface for Ruby 1.8 ri1.8 - Ruby Interactive reference (for Ruby 1.8) ruby1.8 - Interpreter of object-oriented scripting language Ruby 1.8 ruby1.8-dev - Header files for compiling extension modules for the Ruby 1.8 ruby1.8-elisp - ruby-mode for Emacsen ruby1.8-examples - Examples for Ruby 1.8 Changes: ruby1.8 (1.8.7.302-2squeeze3) squeeze-lts; urgency=medium . * Security upload by the Debian LTS team. * CVE-2011-0188: use upstream SVN r35953 to properly allocate memory, preventing arbitrary code execute or application crash. Reported by Drew Yao. * CVE-2011-2686: use upstream SVN r31713/31655 to reinitialize the random seed when forking to prevent CVE-2003-0900 like situations. * CVE-2011-2705: use upstream SVN r32050 to modify PRNG state to prevent random number sequence repeatation at forked child process which has same pid. Reported by Eric Wong. * CVE-2011-4815: use upstream SVN r34151 to fix a problem with predictable hash collisions resulting in denial of service (CPU consumption) attacks. Reported by Alexander Klink and Julian Waelde. * CVE-2014-8080: use upstream SVN r48164 from 1.9.3 branch to fix REXML parser to prevent memory consumption denial of service via crafted XML documents. Reported by Willis Vandevanter. * CVE-2014-8090: use upstream SVN r48406 from 1.9.3 to add REXML::Document#document to complement the fix for CVE-2014-8080. Reported by Tomas Hoger. Checksums-Sha1: a90eb3f04e0e89d5516b60b303baa779a095563a 2185 ruby1.8_1.8.7.302-2squeeze3.dsc 145dab6372da66ce2f6c6eaccf21d696afd9c5e4 58543 ruby1.8_1.8.7.302-2squeeze3.diff.gz c5c67c93554886700b84d0c0cca9d9eb9b3ba3cd 337648 ruby1.8-examples_1.8.7.302-2squeeze3_all.deb 63dc6c7e94272d5d7aa90bf92462e286c18be5b5 296530 ruby1.8-elisp_1.8.7.302-2squeeze3_all.deb ffcf888bc13a95fc08266f9179485ad9e2243ffe 1423372 ri1.8_1.8.7.302-2squeeze3_all.deb eb4232044c30d3d05ad9d6afe72a198bedddb324 310804 ruby1.8_1.8.7.302-2squeeze3_amd64.deb ed5f56a7ff352d39d8887d30b642c2189dd51953 2062696 libruby1.8_1.8.7.302-2squeeze3_amd64.deb 429194cd8ffc7da22a84a73f3338335a61e6ca35 1506656 libruby1.8-dbg_1.8.7.302-2squeeze3_amd64.deb d4e4b07d0ba2183e7b9b00f61097f7b9b5d3f731 886744 ruby1.8-dev_1.8.7.302-2squeeze3_amd64.deb 1f8626ac7dfb5d07f1c542271abaa5c681b744c7 2021156 libtcltk-ruby1.8_1.8.7.302-2squeeze3_amd64.deb Checksums-Sha256: 4e41c72872f944d8fb1b7453e878f3ce6d54ddf153674d8ab1386e9f9e8b0a60 2185 ruby1.8_1.8.7.302-2squeeze3.dsc 4f9137bf925f7f1314e4731978c5dd2aab060b3b356230ddc13ab8bb538aa01c 58543 ruby1.8_1.8.7.302-2squeeze3.diff.gz 408b30a650ef09543e146e4dad14286bab9664603284076c30f9b87ea22233cc 337648 ruby1.8-examples_1.8.7.302-2squeeze3_all.deb 473bb1225424104e84d2f1ead8c92e6e075ad6ada99b6f02bb0231350d98f29c 296530 ruby1.8-elisp_1.8.7.302-2squeeze3_all.deb 117ae68d8f92848d2c907a23a2a4a3a0a97e7c694b0d4c234458fbfbdc952440 1423372 ri1.8_1.8.7.302-2squeeze3_all.deb 86c8e2c5ad0aeae7365d8d1d207c2303cff74276696092f5980e1ebaa82e12c1 310804 ruby1.8_1.8.7.302-2squeeze3_amd64.deb f20361787fa4dfb0272a4dbf9fdf3ff6f26806ae47039f3a85509422b0910128 2062696 libruby1.8_1.8.7.302-2squeeze3_amd64.deb b15ddce6f1cf4a33562b3fcc406e0525c062464ad8e3bd9edd580b359c8cb857 1506656 libruby1.8-dbg_1.8.7.302-2squeeze3_amd64.deb 5922da123fa625427fe27ca41f80b1cd6b77923d95e02fe42a69aa1a16016fca 886744 ruby1.8-dev_1.8.7.302-2squeeze3_amd64.deb 615562f15ac5e98a10cc592f1cf669396a35b64ef1e46493648fe0ff20624d71 2021156 libtcltk-ruby1.8_1.8.7.302-2squeeze3_amd64.deb Files: ce6dfaf31d5b84bbdc00e956ab024a94 2185 ruby optional ruby1.8_1.8.7.302-2squeeze3.dsc 62b9bb1e8c690919d5872baa4296efb1 58543 ruby optional ruby1.8_1.8.7.302-2squeeze3.diff.gz 6fde43ded2669515d8b9a21745330e3e 337648 ruby optional ruby1.8-examples_1.8.7.302-2squeeze3_all.deb 0c202be5fd60b12412a1c47e6d671407 296530 ruby optional ruby1.8-elisp_1.8.7.302-2squeeze3_all.deb 6f323830289b2149b555fa738d6362d0 1423372 ruby optional ri1.8_1.8.7.302-2squeeze3_all.deb 797ee6027b5e51f2fee181b91446188b 310804 ruby optional ruby1.8_1.8.7.302-2squeeze3_amd64.deb fdd3954b644b6ab1f12ce1208971e6a3 2062696 libs optional libruby1.8_1.8.7.302-2squeeze3_amd64.deb 9be9b962f4d8b4d45ee3c17bdf19f427 1506656 debug extra libruby1.8-dbg_1.8.7.302-2squeeze3_amd64.deb e184bdf0625ac263c556c74ad81de106 886744 ruby optional ruby1.8-dev_1.8.7.302-2squeeze3_amd64.deb 7f5c6774a5c2f1b9c753b886cbb2c2c2 2021156 ruby optional libtcltk-ruby1.8_1.8.7.302-2squeeze3_amd64.deb -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.12 (GNU/Linux) iQIVAwUBVG9UdwkauFYGmqocAQpzXg/9FgORt5LDrJuLU6ajz9G+tYzIJLJfoKvv 8uPTXYFVGsf9A7/Sd6KzItX3CorzJADDZt/JWpeY0Iq4QMKl1LO0NEp9z26xad3W Bdr4/x7dtl4A5vJZ/z+tgCrBDXSakDujXejCrT7jUBbSINo/lqEjRbTaWByEBBbl qBWmqpEyqhUO0wXDlT9sFP1EcMfAy0SkYJj23LtlalyIU2Olu+LJvzVyhvYnfOzH wQsVtuFm0ifVMObp0FdhUTH3P4vg+dB4l8k0K7qw92GIwImKgBQ/ME01IMfM9w6i bybPOM4OC8aa9dn2xJjrY/lLHKqOLVABDYKeDpTkAAPWTvd27xfvpsAFHDXpcUFM BfvVzZuUwh3mjlBn8HYj105WxZ9TbH5UTvPdmAfIckXFWPAHAh9g8gD6rwL83rIl CFMlSciFybrzWfeP6O4aBcFs6qffTCyhorphbj04dWvPF78iHr4xQAb/LusDSjHh vGomTgTYcheQeX9t22vVDeVfNt4eiguBfEHJOprRrLaito/QF06kLxB5hx3/rQ7F GC3sLEJOrjIHtnSCFi+D9q448fglAfZC+7IzECG72pUKuY3fIkSM7fuzRW+ydBwx pOoiwoHLpDIQ4xtKaSy9/4zaDdrO19V5Vvn5zGNwCl9ou0rbnfEgSTRJdh6S9rO4 pE+GrsiTEW4= =NL1+ -----END PGP SIGNATURE-----