[DRE-maint] Please unblock ruby1.9 1.9.0.2-6

Daigo Moriwaki techml at sgtpepper.net
Wed Sep 3 04:23:23 UTC 2008


Hello,

I have uploaded to unstable ruby1.9 1.9.0.2-6, which includes security fixes
(#494402, #497610). Please consider an exception for it to enter Lenny.

ruby1.9 (1.9.0.2-6) unstable; urgency=low

  * Added patches under debian/patches which were backported from the
    upstream and fixed multiple vulnerabilities:
    - 301_dns_spoofing_r18424.dpatch: fixed DNS spoofing vulnerability
      in resolv.rb. (CVE-2008-1447)
    - 302_r18220_webrick_DoS.dpatch: fixed DoS vulnerability in WEBrick.
    - 303_r17726_syslog_safeleve4.dpatch: syslog operations should be
      protected from $SAFE level 4.
    - 304_r17577_trace_var_safeleve4.dpatch: rb_f_trace_var should not
      be allowed at safe level 4.
    - 305_r18496_dl_tain.dpatch: dl doesn't check taintness, so it could
      allow attackers to call dangerous functions.
    - 306_r17586_methods_called_safelevel13.dpatch: Insecure methods may
      be called at safe level 1-3.
      (Closes: #494402)
    - 307_r19033_rexml_DoS.dpatch: fixed DoS vulnerability in REXML.
      (CVE-2008-3790) (Closes: #497610)


Regards,
Daigo

-- 
Daigo Moriwaki
beatles at sgtpepper dot net


