Package: ruby-ox / 2.1.1-2+deb8u1

Metadata

Package Version Patches format
ruby-ox 2.1.1-2+deb8u1 3.0 (quilt)

Patch series

view the series file
Patch File delta Description
fix_parse_obj_segfault.patch | (download)

ext/ox/err.c | 4 4 + 0 - 0 !
ext/ox/obj_load.c | 6 4 + 2 - 0 !
ext/ox/ox.c | 4 4 + 0 - 0 !
3 files changed, 12 insertions(+), 2 deletions(-)

 avoid crash with invalid xml passed to oj.parse_obj()
 this fixes CVE-2017-15928
000 fix so load path.patch | (download)

lib/ox.rb | 2 1 + 1 - 0 !
1 file changed, 1 insertion(+), 1 deletion(-)

 fix the load path of the extension
 The require of the extension in the Ruby library assumes it is in stalled
 as a gem and hence loads 'ox/ox', but it should just load the installed
 'ox.so'.