This bug was fixed in the package ruby1.8 - 1.8.6.111-2ubuntu1.3

---------------
ruby1.8 (1.8.6.111-2ubuntu1.3) hardy-security; urgency=low

  * SECURITY UPDATE: certificate spoofing via invalid return value check
    in OCSP_basic_verify
    - debian/patches/904_security_CVE-2009-0642.dpatch: also check for -1
      return code in ext/openssl/ossl_ocsp.c.
    - CVE-2009-0642
  * SECURITY UPDATE: denial of service in BigDecimal library via string
    argument that represents a large number (LP: #385436)
    - debian/patches/905_security_CVE-2009-1904.dpatch: handle large
      numbers properly in ext/bigdecimal/bigdecimal.c.
    - CVE-2009-1904

 -- Marc Deslauriers <marc.deslauri...@ubuntu.com>  Wed, 15 Jul 2009 13:06:03 -0400

** Changed in: ruby1.8 (Ubuntu)
       Status: Confirmed => Fix Released

** CVE added: http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2009-0642

--
DoS vulnerability in BigDecimal Ruby Library
https://bugs.launchpad.net/bugs/385436