[Bug 385436] Re: DoS vulnerability in BigDecimal Ruby Library

2009-07-20 Thread Launchpad Bug Tracker
This bug was fixed in the package ruby1.8 - 1.8.6.111-2ubuntu1.3

---
ruby1.8 (1.8.6.111-2ubuntu1.3) hardy-security; urgency=low

* SECURITY UPDATE: certificate spoofing via invalid return value check in OCSP_basic_verify
- debian/patches/904_security_CVE-2009-0642.dpatch:

[Bug 385436] Re: DoS vulnerability in BigDecimal Ruby Library

2009-06-13 Thread Bug Watch Updater
** Changed in: ruby1.8 (Debian) Status: New => Fix Released

-- DoS vulnerability in BigDecimal Ruby Library https://bugs.launchpad.net/bugs/385436 You received this bug notification because you are a member of Ubuntu Bugs, which is a direct subscriber. -- ubuntu-bugs mailing list

[Bug 385436] Re: DoS vulnerability in BigDecimal Ruby Library

2009-06-11 Thread Bug Watch Updater
** Changed in: ruby1.8 (Debian) Status: Unknown => New

[Bug 385436] Re: DoS vulnerability in BigDecimal Ruby Library

2009-06-10 Thread Marc Deslauriers
** Visibility changed to: Public
** Changed in: ruby1.8 (Ubuntu) Importance: Undecided => Medium
** Changed in: ruby1.8 (Ubuntu) Status: New => Confirmed

[Bug 385436] Re: DoS vulnerability in BigDecimal Ruby Library

2009-06-10 Thread iGEL
Is importance Medium enough? Quote from the Rails blog: This could be used by an attacker to crash any ruby program which creates BigDecimal objects based on user input, including almost every Rails application. Sounds fairly critical to me... -- DoS vulnerability in BigDecimal Ruby Library

[Bug 385436] Re: DoS vulnerability in BigDecimal Ruby Library

2009-06-10 Thread John Leach
This upstream patch fixes this bug: http://svn.ruby-lang.org/cgi-bin/viewvc.cgi?view=rev&revision=23652 Unfortunately, hunk #14 fails to apply to Hardy's Ruby source. It looks like the BigDecimal_to_f function has been rewritten since Hardy's version of Ruby (1.8.6.111). ** Bug watch added: