Viewing all changes in revision 26.
- Committer: Bazaar Package Importer
- Date: 2010-02-22 16:34:02 UTC
- Revision ID: james.westby@ubuntu.com-20100222163402-spkwkulyn9pgt14o
* SECURITY UPDATE: arbitrary code execution via string operations
- debian/patches/932_CVE-2009-4124.dpatch: calculate lengths properly
in string.c, add test in test/ruby/test_string.rb.
- CVE-2009-4124
* SECURITY UPDATE: incorrect log file sanitation in WEBrick (LP: #509392)
- debian/patches/933_CVE-2009-4492.dpatch: properly escape in
lib/webrick/{accesslog.rb,httprequest.rb,httpstatus.rb,httputils.rb},
add test to test/webrick/test_cgi.rb.
- CVE-2009-4492
* SECURITY UPDATE: denial of service in BigDecimal library via string
argument that represents a large number (LP: #385436)
- debian/patches/934_CVE-2009-1904.dpatch: handle large numbers
properly in ext/bigdecimal/bigdecimal.c.
- CVE-2009-1904
- debian/patches/932_CVE-2009-4124.dpatch: calculate lengths properly
in string.c, add test in test/ruby/test_string.rb.
- CVE-2009-4124
* SECURITY UPDATE: incorrect log file sanitation in WEBrick (LP: #509392)
- debian/patches/933_CVE-2009-4492.dpatch: properly escape in
lib/webrick/{accesslog.rb,httprequest.rb,httpstatus.rb,httputils.rb},
add test to test/webrick/test_cgi.rb.
- CVE-2009-4492
* SECURITY UPDATE: denial of service in BigDecimal library via string
argument that represents a large number (LP: #385436)
- debian/patches/934_CVE-2009-1904.dpatch: handle large numbers
properly in ext/bigdecimal/bigdecimal.c.
- CVE-2009-1904
- files added:
- .cvsignore
- files modified:
- debian/changelog
expand all
collapse all
added
removed
