Format: 1.7
Date: Tue, 9 Sep 2008 03:18:03 +0000
Source: ruby1.9
Binary: rdoc1.9 ri1.9 libruby1.9 ruby1.9-elisp libtcltk-ruby1.9 libgdbm-ruby1.9 libopenssl-ruby1.9 libdbm-ruby1.9 ruby1.9-examples irb1.9 libruby1.9-dbg libreadline-ruby1.9 ruby1.9 ruby1.9-dev
Architecture: source i386 all
Version: 1.9.0+20060609-1etch3
Distribution: stable-security
Urgency: high
Maintainer: akira yamada <akira@debian.org>
Changed-By: akira yamada <akira@debian.org>
Description:
 irb1.9 - Interactive Ruby (for Ruby 1.9)
 libdbm-ruby1.9 - DBM interface for Ruby 1.9
 libgdbm-ruby1.9 - GDBM interface for Ruby 1.9
 libopenssl-ruby1.9 - OpenSSL interface for Ruby 1.9
 libreadline-ruby1.9 - Readline interface for Ruby 1.9
 libruby1.9 - Libraries necessary to run Ruby 1.9
 libruby1.9-dbg - Debugging symbols for Ruby 1.9
 libtcltk-ruby1.9 - Tcl/Tk interface for Ruby 1.9
 rdoc1.9 - Generate documentation from Ruby source files (for Ruby 1.9)
 ri1.9 - Ruby Interactive reference (for Ruby 1.9)
 ruby1.9 - Interpreter of object-oriented scripting language Ruby 1.9
 ruby1.9-dev - Header files for compiling extension modules for the Ruby 1.9
 ruby1.9-elisp - ruby-mode for Emacsen
 ruby1.9-examples - Examples for Ruby 1.9
Changes:
 ruby1.9 (1.9.0+20060609-1etch3) stable-security; urgency=high
 .
   * applied debian/patches/103_multiple_vuln_200808:
     backported fixes for multiple vulnerabilities issued at
     <http://www.ruby-lang.org/en/news/2008/08/08/multiple-vulnerabilities-in-ruby/>
     and
     <http://www.ruby-lang.org/en/news/2008/08/11/ruby-1-8-7-p72-and-1-8-6-p287-released/>.
     - untrace_var is permitted at safe level 4 (from v1_8_7_32)
     - $PROGRAM_NAME may be modified at safe level 4 (from v1_8_7_35)
       (CVE-2008-3655)
     - Insecure methods may be called at safe level 1-3 (from v1_8_7_33)
     - Syslog operations are permitted at safe level 4 (from v1_8_7_44)
     - DoS vulnerability in WEBrick (from v1_8_7_69) (CVE-2008-3656)
     - Lack of taintness check in dl (from r18496 and r18510) (CVE-2008-3657)
     - DNS spoofing vulnerability in resolv.rb (from v1_8_7_71) (CVE-2008-1447)
   * applied debian/patches/168_rexml_dos:
     backported r19033 of trunk of ruby svn repository which fixes
     REXML DoS vulnerability (CVE-2008-3790)
     <http://www.ruby-lang.org/ja/news/2008/08/23/dos-vulnerability-in-rexml/>.
   * applied debian/patches/105_cgi_empty_content:
     invalid multipart data can make cgi.rb infinite loop and CPU consumption.
     (CVE-2006-5467)

Accepted:
irb1.9_1.9.0+20060609-1etch3_all.deb
  to pool/main/r/ruby1.9/irb1.9_1.9.0+20060609-1etch3_all.deb
libdbm-ruby1.9_1.9.0+20060609-1etch3_i386.deb
  to pool/main/r/ruby1.9/libdbm-ruby1.9_1.9.0+20060609-1etch3_i386.deb
libgdbm-ruby1.9_1.9.0+20060609-1etch3_i386.deb
  to pool/main/r/ruby1.9/libgdbm-ruby1.9_1.9.0+20060609-1etch3_i386.deb
libopenssl-ruby1.9_1.9.0+20060609-1etch3_i386.deb
  to pool/main/r/ruby1.9/libopenssl-ruby1.9_1.9.0+20060609-1etch3_i386.deb
libreadline-ruby1.9_1.9.0+20060609-1etch3_i386.deb
  to pool/main/r/ruby1.9/libreadline-ruby1.9_1.9.0+20060609-1etch3_i386.deb
libruby1.9-dbg_1.9.0+20060609-1etch3_i386.deb
  to pool/main/r/ruby1.9/libruby1.9-dbg_1.9.0+20060609-1etch3_i386.deb
libruby1.9_1.9.0+20060609-1etch3_i386.deb
  to pool/main/r/ruby1.9/libruby1.9_1.9.0+20060609-1etch3_i386.deb
libtcltk-ruby1.9_1.9.0+20060609-1etch3_i386.deb
  to pool/main/r/ruby1.9/libtcltk-ruby1.9_1.9.0+20060609-1etch3_i386.deb
rdoc1.9_1.9.0+20060609-1etch3_all.deb
  to pool/main/r/ruby1.9/rdoc1.9_1.9.0+20060609-1etch3_all.deb
ri1.9_1.9.0+20060609-1etch3_all.deb
  to pool/main/r/ruby1.9/ri1.9_1.9.0+20060609-1etch3_all.deb
ruby1.9-dev_1.9.0+20060609-1etch3_i386.deb
  to pool/main/r/ruby1.9/ruby1.9-dev_1.9.0+20060609-1etch3_i386.deb
ruby1.9-elisp_1.9.0+20060609-1etch3_all.deb
  to pool/main/r/ruby1.9/ruby1.9-elisp_1.9.0+20060609-1etch3_all.deb
ruby1.9-examples_1.9.0+20060609-1etch3_all.deb
  to pool/main/r/ruby1.9/ruby1.9-examples_1.9.0+20060609-1etch3_all.deb
ruby1.9_1.9.0+20060609-1etch3.diff.gz
  to pool/main/r/ruby1.9/ruby1.9_1.9.0+20060609-1etch3.diff.gz
ruby1.9_1.9.0+20060609-1etch3.dsc
  to pool/main/r/ruby1.9/ruby1.9_1.9.0+20060609-1etch3.dsc
ruby1.9_1.9.0+20060609-1etch3_i386.deb
  to pool/main/r/ruby1.9/ruby1.9_1.9.0+20060609-1etch3_i386.deb