[Technik] [SECURITY] [DSA 1157-1] New ruby1.8 packages fix
several vulnerabilities
Noèl Köthe
noel at debian.org
Tue Aug 29 15:13:40 CEST 2006
Am Sonntag, den 27.08.2006, 21:51 +0200 schrieb Moritz Muehlenhoff:
> Debian Security Advisory DSA 1157-1 security at debian.org
> http://www.debian.org/security/ Moritz Muehlenhoff
> August 27th, 2006 http://www.debian.org/security/faq
>
> Package : ruby1.8
> Vulnerability : several
> Problem-Type : local/remote
> Debian-specific: no
> CVE ID : CVE-2006-3694 CVE-2006-1931
> Debian Bug : 378029 365520
ruby1.8 auf pima, pomo, yuma und cusa aktualisiert.
> For the stable distribution (sarge) these problem have been fixed in
> version 1.8.2-7sarge4.
changelog:
ruby1.8 (1.8.2-7sarge4) stable-security; urgency=high
* akira yamada <akira at debian.org>
- added debian/patches/903_JVN-83768862.patch and
debian/patches/904_JVN-13947696.patch from Kobayashi Noritada
(closes: #378029):
- JVN#83768862: Alias features cannot handle safe levels correclty, so
it can be safety bypass.
- JVN#13947696: Some methods have defects that they can call other
methods, which really should be prohibited, in safe level 4.
-- akira yamada <akira at debian.org> Thu, 13 Jul 2006 19:36:58 +0900
ruby1.8 (1.8.2-7sarge3) stable-security; urgency=high
* Non-maintainer upload by the Security Team
* Applied upstream patch to fix denial of service
[debian/patches/902_CVE-2006-1931.patch]
-- Martin Schulze <joey at infodrom.org> Sat, 13 May 2006 20:24:24 +0200
--
Noèl Köthe <noel debian.org>
Debian GNU/Linux, www.debian.org
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: Dies ist ein digital signierter Nachrichtenteil
Url : /archiv/technik/attachments/20060829/a56f42e7/attachment.pgp
More information about the Technik
mailing list