- Committer: Bazaar Package Importer
- Author(s): Marc Deslauriers
- Date: 2010-02-22 16:34:02 UTC
- Revision ID: james.westby@ubuntu.com-20100222163402-spkwkulyn9pgt14o
- Tags: 1.9.0.5-1ubuntu2
* SECURITY UPDATE: arbitrary code execution via string operations
  - debian/patches/932_CVE-2009-4124.dpatch: calculate lengths properly
    in string.c, add test in test/ruby/test_string.rb.
  - CVE-2009-4124
* SECURITY UPDATE: incorrect log file sanitation in WEBrick (LP: #509392)
  - debian/patches/933_CVE-2009-4492.dpatch: properly escape in
    lib/webrick/{accesslog.rb,httprequest.rb,httpstatus.rb,httputils.rb},
    add test to test/webrick/test_cgi.rb.
  - CVE-2009-4492
* SECURITY UPDATE: denial of service in BigDecimal library via string
  argument that represents a large number (LP: #385436)
  - debian/patches/934_CVE-2009-1904.dpatch: handle large numbers
    properly in ext/bigdecimal/bigdecimal.c.
  - CVE-2009-1904