Package: ruby-passenger / 3.0.13debian-1+deb7u2

Metadata

Package: ruby-passenger
Version: 3.0.13debian-1+deb7u2
Patches format: 3.0 (quilt)

Patch series

Patch File delta Description
fix_install_path.patch

build/packaging.rb | 4 2 + 2 - 0 !
1 file changed, 2 insertions(+), 2 deletions(-)

 install in vendor_ruby directory and install common files in non-versioned path
CVE 2013 2119.patch

bin/passenger-install-nginx-module | 7 3 + 4 - 0 !
lib/phusion_passenger/dependencies.rb | 32 12 + 20 - 0 !
lib/phusion_passenger/platform_info.rb | 42 17 + 25 - 0 !
lib/phusion_passenger/platform_info/apache.rb | 11 1 + 10 - 0 !
lib/phusion_passenger/standalone/command.rb | 9 5 + 4 - 0 !
lib/phusion_passenger/standalone/runtime_installer.rb | 7 3 + 4 - 0 !
6 files changed, 41 insertions(+), 67 deletions(-)

 fix for cve-2013-2119: insecure tmp files usage
CVE 2013 4136.patch

ext/common/LoggingAgent/Main.cpp | 10 5 + 5 - 0 !
ext/common/ServerInstanceDir.h | 75 74 + 1 - 0 !
test/cxx/ServerInstanceDirTest.cpp | 4 3 + 1 - 0 !
3 files changed, 82 insertions(+), 7 deletions(-)

 fix for cve-2013-4136: insecure tmp files usage
CVE 2014 1831.patch

ext/common/ServerInstanceDir.h | 2 1 + 1 - 0 !
ext/common/Utils.cpp | 29 29 + 0 - 0 !
ext/common/Utils.h | 8 7 + 1 - 0 !
3 files changed, 37 insertions(+), 2 deletions(-)

 [patch] fix low-urgency security vulnerability: writing files to
 arbitrary directory by hijacking temp directories.


CVE 2014 1832.patch

ext/common/ServerInstanceDir.h | 36 21 + 15 - 0 !
ext/common/Utils.cpp | 29 0 + 29 - 0 !
ext/common/Utils.h | 6 0 + 6 - 0 !
3 files changed, 21 insertions(+), 50 deletions(-)

 [patch] fix a symlink-related security vulnerability.

The fix in commit 34b10878 and contained a small attack time window in
between two filesystem operations. This has been fixed.