Fedora Legacy Test Update Notification: ruby
Marc Deslauriers
marcdeslauriers at videotron.ca
Thu Feb 17 22:12:41 UTC 2005
---------------------------------------------------------------------
Fedora Legacy Test Update Notification
FEDORALEGACY-2005-2007
Bugzilla https://bugzilla.fedora.us/show_bug.cgi?id=2007
2005-02-17
---------------------------------------------------------------------
Name : ruby
Versions : rh7.3: ruby-1.6.7-5.legacy
Versions : rh9: ruby-1.6.8-6.2.legacy
Versions : fc1: ruby-1.8.0-5.legacy
Summary : An interpreter of object-oriented scripting language.
Description :
Ruby is the interpreted scripting language for quick and easy
object-oriented programming. It has many features to process text
files and to do system management tasks (as in Perl). It is simple,
straight-forward, and extensible.
---------------------------------------------------------------------
Update Information:
An updated ruby package that fixes security issues is now available.

Ruby is an interpreted scripting language for object-oriented
programming.

A flaw was discovered in the CGI module of Ruby. If empty data is sent
by the POST method to the CGI script which requires MIME type
multipart/form-data, it can get stuck in a loop. A remote attacker could
trigger this flaw and cause a denial of service. The Common
Vulnerabilities and Exposures project (cve.mitre.org) has assigned the
name CAN-2004-0983 to this issue.

Andres Salomon reported an insecure file permissions flaw in the CGI
session management of Ruby. FileStore created world readable files that
could allow a malicious local user the ability to read CGI session data.
The Common Vulnerabilities and Exposures project (cve.mitre.org) has
assigned the name CAN-2004-0755 to this issue.

Users are advised to upgrade to this erratum package, which contains
backported patches fixing these issues.
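
The session-file permission issue (CAN-2004-0755) and its 0600 fix, sketched as an added example that is not part of the original notification or of Ruby's own CGI code: it contrasts a file created with default permissions against one created with an explicit 0600 mode, and audits a directory for files that other local users could read. The function names, file names and session contents are hypothetical and constructed for illustration.

```ruby
require "tmpdir"

# Hypothetical stand-ins for a session store (not the real FileStore code).
# Behaviour described in the advisory: the file is created with default
# permissions, so the process umask decides who can read it.
def write_session_default(path, data)
  File.open(path, "w") { |f| f.write(data) }
end

# Hardened form: request mode 0600 at creation time and refuse to reuse an
# existing path (EXCL), so the data is never readable by group or other.
def write_session_private(path, data)
  File.open(path, File::WRONLY | File::CREAT | File::EXCL, 0o600) do |f|
    f.chmod(0o600) # enforce the mode regardless of the umask in effect
    f.write(data)
  end
end

# Audit helper: names of regular files in dir that grant any group/other access.
def exposed_session_files(dir)
  Dir.children(dir).sort.select do |name|
    st = File.lstat(File.join(dir, name))
    st.file? && (st.mode & 0o077) != 0
  end
end

# Writes one file each way under a typical 022 umask and reports the result.
def demo
  Dir.mktmpdir("sess") do |dir|
    old = File.umask(0o022)
    begin
      write_session_default(File.join(dir, "sess_a"), "user=alice") # constructed data
      write_session_private(File.join(dir, "sess_b"), "user=bob")   # constructed data
    ensure
      File.umask(old)
    end
    modes = %w[sess_a sess_b].map { |n| File.stat(File.join(dir, n)).mode & 0o777 }
    { modes: modes, exposed: exposed_session_files(dir) }
  end
end

if __FILE__ == $0
  r = demo
  puts r[:modes].map { |m| format("%04o", m) }.join(" ")
  puts "exposed: #{r[:exposed].inspect}"
end
```

The same audit helper can be pointed at the directory where an application keeps its CGI session files to confirm that none remain readable by other local accounts after the update.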
---------------------------------------------------------------------
Changelogs
rh73:
* Sun Feb 13 2005 Marc Deslauriers <marcdeslauriers at videotron.ca> 1.6.7-5.legacy
- Added missing bison and db1-devel BuildRequires
* Mon Jan 17 2005 David Eisenstein <deisenst at gtw.net> 1.6.7-4.legacy
- Added security patch for CAN-2004-0983, CGI Denial of Service
  (Fedora Legacy Bugzilla # 2007)
* Fri Oct 08 2004 Marc Deslauriers <marcdeslauriers at videotron.ca> 1.6.7-3.legacy
- Added security patch for CAN-2004-0755
rh9:
* Sun Feb 13 2005 Marc Deslauriers <marcdeslauriers at videotron.ca> 1.6.8-6.2.legacy
- Added missing db4-devel BuildRequires
* Wed Jan 12 2005 Pekka Savola <pekkas at netcore.fi> 1.6.8-6.1.legacy
- fix CAN-2004-0755, CAN-2004-0983 (#2007)
fc1:
* Tue Feb 15 2005 Marc Deslauriers <marcdeslauriers at videotron.ca> 1.8.0-5.legacy
- Added missing groff, bison, tcl-devel, tk-devel, openssl-devel,
  zlib-devel, db4-devel and libtermcap-devel BuildRequires
* Sat Nov 20 2004 David Eisenstein <deisenst at gtw.net> 1.8.0-4.legacy
- Redid security fix [CAN-2004-0755]
- ruby-1.8.0-cgi_session_perms.patch: sets the permission of the session
  data file to 0600. Backport of FC2's patch to 1.8.1. (#2007)
- Re-enabled make test.
* Wed Nov 17 2004 David Eisenstein <deisenst at gtw.net> 1.8.0-3.legacy
- security fix [CAN-2004-0983]
- ruby-1.8.0-cgi-dos.patch: applied to fix a denial of service issue.
  (#2007)
* Fri Oct 08 2004 Marc Deslauriers <marcdeslauriers at videotron.ca> 1.8.0-2.legacy
- Added security patch for CAN-2004-0755
- Disabled make test (for some reason, doesn't always work)
---------------------------------------------------------------------
This update can be downloaded from:
http://download.fedoralegacy.org/
---------------------------------------------------------------------
Please test and comment in bugzilla.