Package: ruby1.9.1 / 1.9.2.0-2+deb6u7

Metadata

Package: ruby1.9.1
Version: 1.9.2.0-2+deb6u7
Patches format: 3.0 (quilt)

Patch series

Patch | File delta | Description

909_update_lib_README.diff

lib/README | 1 0 + 1 - 0 !
1 file changed, 1 deletion(-)

---
100731_disable_tests.diff

bootstraptest/test_io.rb | 44 22 + 22 - 0 !
bootstraptest/test_thread.rb | 30 15 + 15 - 0 !
2 files changed, 37 insertions(+), 37 deletions(-)

 Disable two tests that are problematic on FreeBSD.
Debian-Bug: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=590002

First test is discussed in http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=543805
and upstream bug http://redmine.ruby-lang.org/issues/show/2008

Second test is discussed in http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=542927
and upstream bug http://redmine.ruby-lang.org/issues/show/2025
It was fixed, but is now timing dependent.


903_skip_base_ruby_check.diff

configure.in | 2 0 + 2 - 0 !
1 file changed, 2 deletions(-)

---
20100829_rubygems_disable_update_system.diff

lib/rubygems/commands/update_command.rb | 22 13 + 9 - 0 !
1 file changed, 13 insertions(+), 9 deletions(-)

---
20100829_rubygems_default_dir.diff

lib/rubygems/defaults.rb | 9 9 + 0 - 0 !
1 file changed, 9 insertions(+)

---
CVE-2013-1821.patch

lib/rexml/document.rb | 12 12 + 0 - 0 !
lib/rexml/text.rb | 40 25 + 15 - 0 !
2 files changed, 37 insertions(+), 15 deletions(-)

 Fix entity expansion DoS vulnerability in REXML.
 There was no fix upstream for the 1.9.2 series and upstream has not maintained
 it for quite some time. This patch is a backport from the upstream change in
 the 1.9.3 series, and does not include the associated change to unit tests.
CVE-2013-4073.patch

ext/openssl/lib/openssl/ssl-internal.rb | 18 13 + 5 - 0 !
test/openssl/test_ssl.rb | 29 29 + 0 - 0 !
2 files changed, 42 insertions(+), 5 deletions(-)

 Fix hostname check bypass vulnerability in SSL client.
 CVE-2013-4073: Hostname identity check did not properly handle
 hostnames in the certificate that contain null bytes.
CVE-2013-4164.patch

test/ruby/test_float.rb | 12 12 + 0 - 0 !
util.c | 14 12 + 2 - 0 !
2 files changed, 24 insertions(+), 2 deletions(-)

 Fix heap overflow in floating point parsing.
 This vulnerability is tracked with CVE-2013-4164.

 https://www.ruby-lang.org/en/news/2013/11/22/ruby-1-9-3-p484-is-released/
CVE-2014-4975.patch

pack.c | 8 5 + 3 - 0 !
test/ruby/test_pack.rb | 8 8 + 0 - 0 !
2 files changed, 13 insertions(+), 3 deletions(-)

 Fix CVE-2014-4975.
CVE-2014-8080.patch

lib/rexml/entity.rb | 6 6 + 0 - 0 !
test/rexml/test_document.rb | 44 44 + 0 - 0 !
2 files changed, 50 insertions(+)

 Fix CVE-2014-8080.
CVE-2014-8090.patch

lib/rexml/document.rb | 4 4 + 0 - 0 !
lib/rexml/entity.rb | 1 1 + 0 - 0 !
test/rexml/test_document.rb | 51 51 + 0 - 0 !
3 files changed, 56 insertions(+)

 Fix CVE-2014-8090.
CVE-2011-2705.patch

lib/securerandom.rb | 8 8 + 0 - 0 !
1 file changed, 8 insertions(+)

 [PATCH] * lib/securerandom.rb (SecureRandom.random_bytes): modify
 PRNG state to prevent random number sequence repetition at forked child
 process which has same pid. Reported by Eric Wong. [ruby-core:35765]

git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/branches/ruby_1_8@32050 b2dd03c8-39d4-4d8f-98ff-823fe69b080e

CVE-2015-1855.patch

ext/openssl/lib/openssl/ssl-internal.rb | 62 58 + 4 - 0 !
test/openssl/test_ssl.rb | 150 150 + 0 - 0 !
2 files changed, 208 insertions(+), 4 deletions(-)

 Fix OpenSSL hostname verification.
 Backported from the Ruby 2.0 branch. See
 https://bugs.ruby-lang.org/issues/9644 for details.
CVE-2011-0188.patch

ext/bigdecimal/bigdecimal.c | 8 4 + 4 - 0 !
1 file changed, 4 insertions(+), 4 deletions(-)

 [PATCH] Merge r35953 from ruby_1_8_7.

* ext/bigdecimal/bigdecimal.c (VpMemAlloc): Fixes a bug reported by Drew Yao <ayao at apple.com>

git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/branches/ruby_1_8@37219 b2dd03c8-39d4-4d8f-98ff-823fe69b080e

CVE-2013-2065.patch

ext/dl/lib/dl/func.rb | 3 3 + 0 - 0 !
ext/fiddle/function.c | 9 9 + 0 - 0 !
2 files changed, 12 insertions(+)

 Fix for CVE-2013-2065.
  * ext/dl/lib/dl/func.rb (DL::Function#call): check tainted when
    $SAFE > 0.
  * ext/fiddle/function.c (function_call): check tainted when $SAFE > 0.

CVE-2013-0256.patch

lib/rdoc/generator/template/darkfish/js/darkfish.js | 16 9 + 7 - 0 !
1 file changed, 9 insertions(+), 7 deletions(-)

 [oss-security] CVE-2013-0256: RDoc 2.3.0 through 3.12 XSS exploit.

CVE-2012-4522.patch

file.c | 3 3 + 0 - 0 !
1 file changed, 3 insertions(+)

 Path name must not contain NUL bytes.
 This is a fix for CVE-2012-4522.