This bug was fixed in the package ruby1.8 - 1.8.6.111-2ubuntu1.3
---------------
ruby1.8 (1.8.6.111-2ubuntu1.3) hardy-security; urgency=low
* SECURITY UPDATE: certificate spoofing via invalid return value check
in OCSP_basic_verify
- debian/patches/904_security_CVE-2009-0642.dpatch: also check for -1
return code in ext/openssl/ossl_ocsp.c.
- CVE-2009-0642
* SECURITY UPDATE: denial of service in BigDecimal library via string
argument that represents a large number (LP: #385436)
- debian/patches/905_security_CVE-2009-1904.dpatch: handle large
numbers properly in ext/bigdecimal/bigdecimal.c.
- CVE-2009-1904
-- Marc Deslauriers <marc.deslauri...@ubuntu.com> Wed, 15 Jul 2009
13:06:03 -0400
** Changed in: ruby1.8 (Ubuntu)
Status: Confirmed => Fix Released
** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2009-0642
--
DoS vulnerability in BigDecimal Ruby Library
https://bugs.launchpad.net/bugs/385436
You received this bug notification because you are a member of Ubuntu
Bugs, which is a direct subscriber.
--
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
