Fedora Legacy Test Update Notification: ruby

Marc Deslauriers marcdeslauriers at videotron.ca
Thu Feb 17 22:12:41 UTC 2005


---------------------------------------------------------------------
Fedora Legacy Test Update Notification
FEDORALEGACY-2005-2007
Bugzilla https://bugzilla.fedora.us/show_bug.cgi?id=2007
2005-02-17
---------------------------------------------------------------------

Name        : ruby
Versions    : rh7.3: ruby-1.6.7-5.legacy
Versions    : rh9: ruby-1.6.8-6.2.legacy
Versions    : fc1: ruby-1.8.0-5.legacy
Summary     : An interpreter of object-oriented scripting language.
Description :
Ruby is the interpreted scripting language for quick and easy
object-oriented programming. It has many features to process text
files and to do system management tasks (as in Perl). It is simple,
straight-forward, and extensible.

---------------------------------------------------------------------
Update Information:

An updated ruby package that fixes security issues is now available.

Ruby is an interpreted scripting language for object-oriented
programming.

A flaw was discovered in the CGI module of Ruby. If empty data is sent
by the POST method to a CGI script that requires the MIME type
multipart/form-data, the script can get stuck in a loop. A remote
attacker could trigger this flaw and cause a denial of service. The
Common Vulnerabilities and Exposures project (cve.mitre.org) has
assigned the name CAN-2004-0983 to this issue.

Andres Salomon reported an insecure file permissions flaw in the CGI
session management of Ruby. FileStore created world-readable files that
could allow a malicious local user to read CGI session data.
The Common Vulnerabilities and Exposures project (cve.mitre.org) has
assigned the name CAN-2004-0755 to this issue.

Users are advised to upgrade to this erratum package, which contains
backported patches fixing these issues.
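
The permission fix for CAN-2004-0755 can be checked on a test system with a
short audit like the one below. This is an added example, not code from the
ruby package or the erratum patches; the helper names, the sample file names
and the temporary directory are assumptions made for illustration.

```ruby
require "tmpdir"

# Hypothetical helper: create a session data file that only its owner can
# read, which is the state the 0600 fix is meant to guarantee.
def create_private_file(path, data)
  # EXCL refuses to reuse a file that another local user pre-created.
  File.open(path, File::WRONLY | File::CREAT | File::EXCL, 0600) do |f|
    f.chmod(0600) # explicit, so the result does not depend on the umask
    f.write(data)
  end
end

# Audit: return the regular files in +dir+ whose mode grants any access
# to group or other (any of the 077 bits set).
def exposed_session_files(dir)
  Dir.children(dir).sort.map { |name| File.join(dir, name) }.select do |path|
    st = File.lstat(path) # lstat: do not follow symlinks planted in the dir
    st.file? && (st.mode & 0o077) != 0
  end
end

# Constructed demonstration: one file in the pre-fix state (0644) and one
# created with owner-only permissions, both in a throwaway directory.
def demo
  Dir.mktmpdir("sess-demo") do |dir|
    weak = File.join(dir, "sess_weak")     # constructed sample name
    File.write(weak, "user=alice")
    File.chmod(0644, weak)                 # world-readable, as before the fix

    strong = File.join(dir, "sess_strong") # constructed sample name
    create_private_file(strong, "user=bob")

    {
      exposed: exposed_session_files(dir).map { |p| File.basename(p) },
      strong_mode: File.stat(strong).mode & 0o777
    }
  end
end

p demo if __FILE__ == $0
```

To audit a real host, point exposed_session_files at the directory where the
CGI application stores its session files.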

---------------------------------------------------------------------
Changelogs

rh73:
* Sun Feb 13 2005 Marc Deslauriers <marcdeslauriers at videotron.ca> 1.6.7-5.legacy
- Added missing bison and db1-devel BuildRequires

* Mon Jan 17 2005 David Eisenstein <deisenst at gtw.net> 1.6.7-4.legacy
- Added security patch for CAN-2004-0983, CGI Denial of Service
   (Fedora Legacy Bugzilla # 2007)

* Fri Oct 08 2004 Marc Deslauriers <marcdeslauriers at videotron.ca> 1.6.7-3.legacy
- Added security patch for CAN-2004-0755

rh9:
* Sun Feb 13 2005 Marc Deslauriers <marcdeslauriers at videotron.ca> 1.6.8-6.2.legacy
- Added missing db4-devel BuildRequires

* Wed Jan 12 2005 Pekka Savola <pekkas at netcore.fi> 1.6.8-6.1.legacy
- fix CAN-2004-0755, CAN-2004-0983 (#2007)

fc1:
* Tue Feb 15 2005 Marc Deslauriers <marcdeslauriers at videotron.ca> 1.8.0-5.legacy
- Added missing groff, bison, tcl-devel, tk-devel, openssl-devel,
   zlib-devel, db4-devel and libtermcap-devel BuildRequires

* Sat Nov 20 2004 David Eisenstein <deisenst at gtw.net> 1.8.0-4.legacy
- Redid security fix [CAN-2004-0755]
- ruby-1.8.0-cgi_session_perms.patch: sets the permission of the session data
   file to 0600. Backport of FC2's patch to 1.8.1. (#2007)
- Re-enabled make test.

* Wed Nov 17 2004 David Eisenstein <deisenst at gtw.net> 1.8.0-3.legacy
- security fix [CAN-2004-0983]
- ruby-1.8.0-cgi-dos.patch: applied to fix a denial of service issue. (#2007)

* Fri Oct 08 2004 Marc Deslauriers <marcdeslauriers at videotron.ca> 1.8.0-2.legacy
- Added security patch for CAN-2004-0755
- Disabled make test (for some reason, doesn't always work)

---------------------------------------------------------------------
This update can be downloaded from:
   http://download.fedoralegacy.org/
(sha1sums)


---------------------------------------------------------------------

Please test and comment in bugzilla.