Hello,
I have uploaded to unstable ruby1.9 1.9.0.2-6, which includes security fixes
(#494402, #497610). Please consider an exception for it to enter Lenny.
ruby1.9 (1.9.0.2-6) unstable; urgency=low
* Added patches under debian/patches which were backported from the
upstream and fixed multiple vulnerabilities:
- 301_dns_spoofing_r18424.dpatch: fixed DNS spoofing vulnerability
in resolv.rb. (CVE-2008-1447)
- 302_r18220_webrick_DoS.dpatch: fixed DoS vulnerability in WEBrick.
- 303_r17726_syslog_safeleve4.dpatch: syslog operations should be
protected from $SAFE level 4.
- 304_r17577_trace_var_safeleve4.dpatch: rb_f_trace_var should not
be allowed at safe level 4.
- 305_r18496_dl_tain.dpatch: dl doesn't check taintness, so it could
allow attackers to call dangerous functions.
- 306_r17586_methods_called_safelevel13.dpatch: Insecure methods may
be called at safe level 1-3.
(Closes: #494402)
- 307_r19033_rexml_DoS.dpatch: fixed DoS vulnerability in REXML.
(CVE-2008-3790) (Closes: #497610)
Regards,
Daigo
--
Daigo Moriwaki
beatles at sgtpepper dot net
--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
