Package: ruby1.9.1 / 1.9.2.0-2+deb6u2

Metadata

Package: ruby1.9.1
Version: 1.9.2.0-2+deb6u2
Patches format: 3.0 (quilt)

Patch series

Patch | File delta | Description
909_update_lib_README.diff

lib/README | 1 0 + 1 - 0 !
1 file changed, 1 deletion(-)

---
100731_disable tests.diff

bootstraptest/test_io.rb | 44 22 + 22 - 0 !
bootstraptest/test_thread.rb | 30 15 + 15 - 0 !
2 files changed, 37 insertions(+), 37 deletions(-)

 disable two tests that are problematic on freebsd
Debian-Bug: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=590002

First test is discussed in http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=543805
and upstream bug http://redmine.ruby-lang.org/issues/show/2008

Second test is discussed in http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=542927
and upstream bug http://redmine.ruby-lang.org/issues/show/2025
It was fixed, but is now timing dependent.


903_skip_base_ruby_check.diff

configure.in | 2 0 + 2 - 0 !
1 file changed, 2 deletions(-)

---
20100829 rubygems_disable_update_system.diff

lib/rubygems/commands/update_command.rb | 22 13 + 9 - 0 !
1 file changed, 13 insertions(+), 9 deletions(-)

---
20100829 rubygems_default_dir.diff

lib/rubygems/defaults.rb | 9 9 + 0 - 0 !
1 file changed, 9 insertions(+)

---
CVE 2013 1821.patch

lib/rexml/document.rb | 12 12 + 0 - 0 !
lib/rexml/text.rb | 40 25 + 15 - 0 !
2 files changed, 37 insertions(+), 15 deletions(-)

 fix entity expansion dos vulnerability in rexml
 There was no fix upstream for the 1.9.2 series, and upstream has not maintained
 it for quite some time. This patch is a backport from the upstream change in
 the 1.9.3 series, and does not include the associated change to unit tests.

CVE 2013 4073.patch

ext/openssl/lib/openssl/ssl-internal.rb | 18 13 + 5 - 0 !
test/openssl/test_ssl.rb | 29 29 + 0 - 0 !
2 files changed, 42 insertions(+), 5 deletions(-)

 fix hostname check bypassing vulnerability in ssl client
 CVE-2013-4073: Hostname identity check did not properly handle
 hostnames in the certificate that contain null bytes.

CVE 2013 4164.patch

test/ruby/test_float.rb | 12 12 + 0 - 0 !
util.c | 14 12 + 2 - 0 !
2 files changed, 24 insertions(+), 2 deletions(-)

 fix heap overflow in floating point parsing
 This vulnerability is tracked with CVE-2013-4164.

 https://www.ruby-lang.org/en/news/2013/11/22/ruby-1-9-3-p484-is-released/