Your message dated Wed, 27 Jul 2011 18:32:38 +0200
with message-id <[email protected]>
and subject line Re: Bug#634941: ruby1.9.1: Please update to 1.9.2.290
has caused the Debian Bug report #634941,
regarding ruby1.9.1: Please update to 1.9.2.290
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)


-- 
634941: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=634941
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Source: ruby1.9.1
Version: 1.9.2.180-5
Severity: wishlist
Tags: patch

Hi,

1.9.2.290 was released.
However, CVE-2011-0188 is not corrected in this version.
And, the patch is necessary so that there is a problem in the check on
the library of ext/tk.

I attaches patches which revise these problems.
Please update to this version with attached patches?

Best regards,
 Nobuhiro

-- 
Nobuhiro Iwamatsu
   iwamatsu at {nigauri.org / debian.org}
   GPG ID: 40AD1FA6
From f83651ac30c7c776dee8a6a401c654757cb8d1c2 Mon Sep 17 00:00:00 2001
From: mrkn <mrkn@b2dd03c8-39d4-4d8f-98ff-823fe69b080e>
Date: Tue, 1 Mar 2011 04:40:49 +0000
Subject: [PATCH] * ext/bigdecimal/bigdecimal.c (VpMemAlloc): CVE-2011-0188.  
 Fixes a bug reported by Drew Yao <ayao at apple.com>

git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@30993 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
---
--- a/ext/bigdecimal/bigdecimal.c	2011-07-21 14:02:50.000000000 +0900
+++ b/ext/bigdecimal/bigdecimal.c	2011-07-21 14:03:01.000000000 +0900
@@ -2123,7 +2123,7 @@
 VP_EXPORT void *
 VpMemAlloc(U_LONG mb)
 {
-    void *p = xmalloc((unsigned int)mb);
+    void *p = xmalloc(mb);
     if(!p) {
         VpException(VP_EXCEPTION_MEMORY,"failed to allocate memory",1);
     }
diff --git a/ext/tk/extconf.rb.orig b/ext/tk/extconf.rb
index fed2a30..e9b28cc 100644
--- a/ext/tk/extconf.rb
+++ b/ext/tk/extconf.rb
@@ -1035,7 +1035,7 @@ def find_tcl(tcllib, stubs, version, *opt_paths)
     lib = "tclstub"
   else
     func = "Tcl_FindExecutable"
-    lib = "tcl"
+    lib = tcllib
   end
 
   if version && ! version.empty?
@@ -1179,7 +1179,7 @@ def find_tk(tklib, stubs, version, *opt_paths)
     lib = "tkstub"
   else
     func = "Tk_Init"
-    lib = "tk"
+    lib = tklib
   end
 
   if version && ! version.empty?

--- End Message ---
--- Begin Message ---
Version: 1.9.2.290-1

I changed my mind, and packaged 1.9.2.290, since 1.9.3 didn't look ready
for unstable yet.

Lucas

On 21/07/11 at 15:33 +0900, Nobuhiro Iwamatsu wrote:
> Hi,
> 
> I see, thanks for your infomation.
> 
> Nobuhiro
> 
> 2011/7/21 Lucas Nussbaum <[email protected]>:
> > On 21/07/11 at 14:12 +0900, Nobuhiro Iwamatsu wrote:
> >> Source: ruby1.9.1
> >> Version: 1.9.2.180-5
> >> Severity: wishlist
> >> Tags: patch
> >>
> >> Hi,
> >>
> >> 1.9.2.290 was released.
> >> However, CVE-2011-0188 is not corrected in this version.
> >> And, the patch is necessary so that there is a problem in the check on
> >> the library of ext/tk.
> >>
> >> I attaches patches which revise these problems.
> >> Please update to this version with attached patches?
> >
> > Hi,
> >
> > We are considering switching directly to 1.9.3 as it's going to be
> > released very soon now. A package was uploaded to experimental. Maybe
> > you are interested in checking if it works for you.
> >
> > Lucas
> >
> 
> 
> 
> -- 
> Nobuhiro Iwamatsu
>    iwamatsu at {nigauri.org / debian.org}
>    GPG ID: 40AD1FA6
> 
> 
> 

-- 
| Lucas Nussbaum
| [email protected]   http://www.lucas-nussbaum.net/ |
| jabber: [email protected]             GPG: 1024D/023B3F4F |


--- End Message ---

Reply via email to