Debian Bug report logs - #730178
ruby1.9.1: CVE-2013-4164 Heap Overflow in Floating Point Parsing

Package: ruby1.9.1; Maintainer for ruby1.9.1 is Antonio Terceiro <terceiro@debian.org>; Source for ruby1.9.1 is src:ruby1.9.1.

Reported by: Christos Trochalakis <yatiohi@ideopolis.gr>

Date: Fri, 22 Nov 2013 10:15:02 UTC

Severity: grave

Tags: patch, security

Found in versions ruby1.9.1/1.9.3.448-1, ruby1.9.1/1.9.3.194-8.1+deb7u1

Fixed in versions ruby1.9.1/1.9.3.484-1, ruby1.9.1/1.9.3.194-8.1+deb7u2

Done: Antonio Terceiro <terceiro@debian.org>

Bug is archived. No further changes may be made.


Report forwarded to debian-bugs-dist@lists.debian.org, team@security.debian.org, secure-testing-team@lists.alioth.debian.org, Antonio Terceiro <terceiro@debian.org>:
Bug#730178; Package ruby1.9.1. (Fri, 22 Nov 2013 10:15:06 GMT) Full text and rfc822 format available.

Acknowledgement sent to Christos Trochalakis <yatiohi@ideopolis.gr>:
New Bug report received and forwarded. Copy sent to team@security.debian.org, secure-testing-team@lists.alioth.debian.org, Antonio Terceiro <terceiro@debian.org>. (Fri, 22 Nov 2013 10:15:07 GMT) Full text and rfc822 format available.

Message #5 received at submit@bugs.debian.org (full text, mbox):

From: Christos Trochalakis <yatiohi@ideopolis.gr>
To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: ruby1.9.1: CVE-2013-4164 Heap Overflow in Floating Point Parsing
Date: Fri, 22 Nov 2013 12:04:54 +0200
Package: ruby1.9.1
Severity: grave
Tags: security

Hi,

The following vulnerability was published for ruby:

CVE-2013-4164: Heap Overflow in Floating Point Parsing
https://www.ruby-lang.org/en/news/2013/11/22/heap-overflow-in-floating-point-parsing-cve-2013-4164/




Marked as found in versions ruby1.9.1/1.9.3.194-8.1+deb7u1. Request was from Christos Trochalakis <yatiohi@ideopolis.gr> to control@bugs.debian.org. (Fri, 22 Nov 2013 10:33:19 GMT) Full text and rfc822 format available.

Marked as found in versions ruby1.9.1/1.9.3.448-1. Request was from Christos Trochalakis <yatiohi@ideopolis.gr> to control@bugs.debian.org. (Fri, 22 Nov 2013 10:33:20 GMT) Full text and rfc822 format available.

Bug 730178 cloned as bugs 730189, 730190 Request was from Salvatore Bonaccorso <carnil@debian.org> to control@bugs.debian.org. (Fri, 22 Nov 2013 13:36:04 GMT) Full text and rfc822 format available.

Information forwarded to debian-bugs-dist@lists.debian.org, Antonio Terceiro <terceiro@debian.org>:
Bug#730178; Package ruby1.9.1. (Fri, 29 Nov 2013 09:03:05 GMT) Full text and rfc822 format available.

Acknowledgement sent to Raphael Hertzog <hertzog@debian.org>:
Extra info received and forwarded to list. Copy sent to Antonio Terceiro <terceiro@debian.org>. (Fri, 29 Nov 2013 09:03:05 GMT) Full text and rfc822 format available.

Message #16 received at 730178@bugs.debian.org (full text, mbox):

From: Raphael Hertzog <hertzog@debian.org>
To: 730178@bugs.debian.org, 730189@bugs.debian.org
Cc: team@security.debian.org
Subject: Updates prepared in Git repository
Date: Fri, 29 Nov 2013 10:01:35 +0100
[Message part 1 (text/plain, inline)]
Control: tag -1 + patch pending

Hello,

I took the liberty to help prepare the relevant uploads in the
wheezy branch of the collab-maint git repositories:

For ruby1.8:
http://anonscm.debian.org/gitweb/?p=collab-maint/ruby1.8.git;a=shortlog;h=refs/heads/wheezy

For ruby1.9.1:
http://anonscm.debian.org/gitweb/?p=collab-maint/ruby1.9.1.git;a=shortlog;h=refs/heads/wheezy

Dear security team, please find attached the diff compared to the respective
versions in stable(-security). Is it OK to upload them ?

Dear maintainers, please test those updates (they build fine on
wheezy/amd64, I checked this) and upload them if you're happy with them.
Thank you in advance.

Note that for ruby1.8, I prepared the update on top of 1.8.7.358-7.1 which
was not in stable but it's a security fix only upload that went to
unstable and that should have gone to stable as well. The version is
smaller than the current version in unstable so we're fine.

Regards,

PS: I didn't take care of oldstable. Someone should handle that.
-- 
Raphaël Hertzog ◈ Debian Developer

Discover the Debian Administrator's Handbook:
→ http://debian-handbook.info/get/
[ruby-1.8.7.358-7.1+deb7u1.patch (text/x-diff, attachment)]
[ruby-1.9.3.194-8.1+deb7u2.patch (text/x-diff, attachment)]

Added tag(s) pending and patch. Request was from Raphael Hertzog <hertzog@debian.org> to 730178-submit@bugs.debian.org. (Fri, 29 Nov 2013 09:03:05 GMT) Full text and rfc822 format available.

Information forwarded to debian-bugs-dist@lists.debian.org, Antonio Terceiro <terceiro@debian.org>:
Bug#730178; Package ruby1.9.1. (Fri, 29 Nov 2013 12:00:04 GMT) Full text and rfc822 format available.

Acknowledgement sent to "Thijs Kinkhorst" <thijs@debian.org>:
Extra info received and forwarded to list. Copy sent to Antonio Terceiro <terceiro@debian.org>. (Fri, 29 Nov 2013 12:00:04 GMT) Full text and rfc822 format available.

Message #23 received at 730178@bugs.debian.org (full text, mbox):

From: "Thijs Kinkhorst" <thijs@debian.org>
To: "Raphael Hertzog" <hertzog@debian.org>
Cc: 730178@bugs.debian.org, 730189@bugs.debian.org, team@security.debian.org
Subject: Re: Updates prepared in Git repository
Date: Fri, 29 Nov 2013 12:57:02 +0100
On Fri, November 29, 2013 10:01, Raphael Hertzog wrote:
> Dear security team, please find attached the diff compared to the
> respective
> versions in stable(-security). Is it OK to upload them ?

Yes, this is OK (ruby1.8 needs to be built with -sa, ruby1.9.1 without).
Thank you for your work on this.

> PS: I didn't take care of oldstable. Someone should handle that.

Obviously we prefer to release updates for all suites at the same time.
Are the versions in squeeze so much different that it would be a lot of
work to also apply the patches there?


Cheers,
Thijs



Information forwarded to debian-bugs-dist@lists.debian.org, Antonio Terceiro <terceiro@debian.org>:
Bug#730178; Package ruby1.9.1. (Fri, 29 Nov 2013 13:18:08 GMT) Full text and rfc822 format available.

Acknowledgement sent to Raphael Hertzog <hertzog@debian.org>:
Extra info received and forwarded to list. Copy sent to Antonio Terceiro <terceiro@debian.org>. (Fri, 29 Nov 2013 13:18:08 GMT) Full text and rfc822 format available.

Message #28 received at 730178@bugs.debian.org (full text, mbox):

From: Raphael Hertzog <hertzog@debian.org>
To: Thijs Kinkhorst <thijs@debian.org>
Cc: 730178@bugs.debian.org, 730189@bugs.debian.org, team@security.debian.org
Subject: Re: Updates prepared in Git repository
Date: Fri, 29 Nov 2013 14:15:07 +0100
[Message part 1 (text/plain, inline)]
On Fri, 29 Nov 2013, Thijs Kinkhorst wrote:
> > PS: I didn't take care of oldstable. Someone should handle that.
> 
> Obviously we prefer to release updates for all suites at the same time.
> Are the versions in squeeze so much different that it would be a lot of
> work to also apply the patches there?

Probably not, in fact Moritz already provided a patch for ruby1.8/squeeze.
I just took care to prepare the corresponding updates too (see debdiff
attached for 1.8.7.302-2squeeze2 and 1.9.2.0-2+deb6u2). Again they do
build but they are untested. Dear maintainers, please test and upload.

Cheers,
-- 
Raphaël Hertzog ◈ Debian Developer

Discover the Debian Administrator's Handbook:
→ http://debian-handbook.info/get/
[ruby-1.8.7.302-2squeeze2.patch (text/x-diff, attachment)]
[ruby-1.9.2.0-2+deb6u2.patch (text/x-diff, attachment)]

Information forwarded to debian-bugs-dist@lists.debian.org:
Bug#730178; Package ruby1.9.1. (Fri, 29 Nov 2013 14:57:04 GMT) Full text and rfc822 format available.

Acknowledgement sent to Antonio Terceiro <terceiro@debian.org>:
Extra info received and forwarded to list. (Fri, 29 Nov 2013 14:57:04 GMT) Full text and rfc822 format available.

Message #33 received at 730178@bugs.debian.org (full text, mbox):

From: Antonio Terceiro <terceiro@debian.org>
To: Thijs Kinkhorst <thijs@debian.org>, 730178@bugs.debian.org
Cc: Raphael Hertzog <hertzog@debian.org>, 730189@bugs.debian.org, team@security.debian.org
Subject: Re: Bug#730178: Updates prepared in Git repository
Date: Fri, 29 Nov 2013 11:55:28 -0300
[Message part 1 (text/plain, inline)]
On Fri, Nov 29, 2013 at 12:57:02PM +0100, Thijs Kinkhorst wrote:
> On Fri, November 29, 2013 10:01, Raphael Hertzog wrote:
> > Dear security team, please find attached the diff compared to the
> > respective
> > versions in stable(-security). Is it OK to upload them ?
> 
> Yes, this is OK (ruby1.8 needs to be built with -sa, ruby1.9.1 without).
> Thank you for your work on this.
> 
> > PS: I didn't take care of oldstable. Someone should handle that.
> 
> Obviously we prefer to release updates for all suites at the same time.
> Are the versions in squeeze so much different that it would be a lot of
> work to also apply the patches there?

I am working on having fixes for all suites, and I should be able to
finish it during the weekend.

I had already sent debdiffs to team@security.debian.org early in the
week but forgot to push them to the git repository, and to mention that
in the bug logs. Raphael, thanks for your help anyway.

-- 
Antonio Terceiro <terceiro@debian.org>
[signature.asc (application/pgp-signature, inline)]

Information forwarded to debian-bugs-dist@lists.debian.org:
Bug#730178; Package ruby1.9.1. (Mon, 02 Dec 2013 11:54:04 GMT) Full text and rfc822 format available.

Acknowledgement sent to Antonio Terceiro <terceiro@debian.org>:
Extra info received and forwarded to list. (Mon, 02 Dec 2013 11:54:04 GMT) Full text and rfc822 format available.

Message #38 received at 730178@bugs.debian.org (full text, mbox):

From: Antonio Terceiro <terceiro@debian.org>
To: Thijs Kinkhorst <thijs@debian.org>, 730178@bugs.debian.org
Cc: Raphael Hertzog <hertzog@debian.org>, 730189@bugs.debian.org, team@security.debian.org
Subject: Re: Bug#730178: Updates prepared in Git repository
Date: Mon, 2 Dec 2013 08:50:46 -0300
[Message part 1 (text/plain, inline)]
On Fri, Nov 29, 2013 at 11:55:28AM -0300, Antonio Terceiro wrote:
> I am working on having fixes for all suites, and I should be able to
> finish it during the weekend.
> 
> I had already sent debdiffs to team@security.debian.org early in the
> week but forgot to push them to the git repository, and to mention that
> in the bug logs. Raphael, thanks for your help anyway.

I have uploaded fixed packages to stable-security and
oldstable-security, final diffs are attached. Raphael, thanks for your
help.

I have also uploaded fixed packages for unstable. Their version numbers:

ruby1.8   1.8.7.358-9
ruby1.9.1 1.9.3.484-1
ruby2.0   2.0.0.353-1

-- 
Antonio Terceiro <terceiro@debian.org>
[ruby1.8-squeeze.diff (text/x-diff, attachment)]
[ruby1.8-wheezy.diff (text/x-diff, attachment)]
[ruby1.9.1-squeeze.dsc (text/plain, attachment)]
[ruby1.9.1-wheezy.dsc (text/plain, attachment)]
[signature.asc (application/pgp-signature, inline)]

Reply sent to Antonio Terceiro <terceiro@debian.org>:
You have taken responsibility. (Mon, 02 Dec 2013 12:09:06 GMT) Full text and rfc822 format available.

Notification sent to Christos Trochalakis <yatiohi@ideopolis.gr>:
Bug acknowledged by developer. (Mon, 02 Dec 2013 12:09:06 GMT) Full text and rfc822 format available.

Message #43 received at 730178-close@bugs.debian.org (full text, mbox):

From: Antonio Terceiro <terceiro@debian.org>
To: 730178-close@bugs.debian.org
Subject: Bug#730178: fixed in ruby1.9.1 1.9.3.484-1
Date: Mon, 02 Dec 2013 12:04:07 +0000
Source: ruby1.9.1
Source-Version: 1.9.3.484-1

We believe that the bug you reported is fixed in the latest version of
ruby1.9.1, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 730178@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Antonio Terceiro <terceiro@debian.org> (supplier of updated ruby1.9.1 package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@ftp-master.debian.org)


Format: 1.8
Date: Mon, 25 Nov 2013 22:31:23 -0300
Source: ruby1.9.1
Binary: ruby1.9.1 libruby1.9.1 libruby1.9.1-dbg ruby1.9.1-dev libtcltk-ruby1.9.1 ruby1.9.1-examples ri1.9.1 ruby1.9.1-full ruby1.9.3
Architecture: source all amd64
Version: 1.9.3.484-1
Distribution: unstable
Urgency: low
Maintainer: Antonio Terceiro <terceiro@debian.org>
Changed-By: Antonio Terceiro <terceiro@debian.org>
Description: 
 libruby1.9.1 - Libraries necessary to run Ruby 1.9.1
 libruby1.9.1-dbg - Debugging symbols for Ruby 1.9.1
 libtcltk-ruby1.9.1 - Tcl/Tk interface for Ruby 1.9.1
 ri1.9.1    - Ruby Interactive reference (for Ruby 1.9.1)
 ruby1.9.1  - Interpreter of object-oriented scripting language Ruby
 ruby1.9.1-dev - Header files for compiling extension modules for the Ruby 1.9.1
 ruby1.9.1-examples - Examples for Ruby 1.9
 ruby1.9.1-full - Ruby 1.9.1 full installation
 ruby1.9.3  - Interpreter of object-oriented scripting language Ruby, version 1
Closes: 730178
Changes: 
 ruby1.9.1 (1.9.3.484-1) unstable; urgency=low
 .
   * New upstream release
     + Includes fix for Heap Overflow in Floating Point Parsing (CVE-2013-4164)
       Closes: #730178
     + drop debian/patches/2013-09-08-restore-rb_f_lambda-declaration.patch,
       already applied upstream.




Reply sent to Antonio Terceiro <terceiro@debian.org>:
You have taken responsibility. (Thu, 05 Dec 2013 21:21:28 GMT) Full text and rfc822 format available.

Notification sent to Christos Trochalakis <yatiohi@ideopolis.gr>:
Bug acknowledged by developer. (Thu, 05 Dec 2013 21:21:28 GMT) Full text and rfc822 format available.

Message #48 received at 730178-close@bugs.debian.org (full text, mbox):

From: Antonio Terceiro <terceiro@debian.org>
To: 730178-close@bugs.debian.org
Subject: Bug#730178: fixed in ruby1.9.1 1.9.3.194-8.1+deb7u2
Date: Thu, 05 Dec 2013 21:17:49 +0000
Source: ruby1.9.1
Source-Version: 1.9.3.194-8.1+deb7u2

We believe that the bug you reported is fixed in the latest version of
ruby1.9.1, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 730178@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Antonio Terceiro <terceiro@debian.org> (supplier of updated ruby1.9.1 package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@ftp-master.debian.org)


Format: 1.8
Date: Sun, 01 Dec 2013 23:28:34 -0300
Source: ruby1.9.1
Binary: ruby1.9.1 libruby1.9.1 libruby1.9.1-dbg ruby1.9.1-dev libtcltk-ruby1.9.1 ruby1.9.1-examples ri1.9.1 ruby1.9.1-full ruby1.9.3
Architecture: source all amd64
Version: 1.9.3.194-8.1+deb7u2
Distribution: stable-security
Urgency: low
Maintainer: akira yamada <akira@debian.org>
Changed-By: Antonio Terceiro <terceiro@debian.org>
Description: 
 libruby1.9.1 - Libraries necessary to run Ruby 1.9.1
 libruby1.9.1-dbg - Debugging symbols for Ruby 1.9.1
 libtcltk-ruby1.9.1 - Tcl/Tk interface for Ruby 1.9.1
 ri1.9.1    - Ruby Interactive reference (for Ruby 1.9.1)
 ruby1.9.1  - Interpreter of object-oriented scripting language Ruby
 ruby1.9.1-dev - Header files for compiling extension modules for the Ruby 1.9.1
 ruby1.9.1-examples - Examples for Ruby 1.9
 ruby1.9.1-full - Ruby 1.9.1 full installation
 ruby1.9.3  - Interpreter of object-oriented scripting language Ruby, version 1
Closes: 730178
Changes: 
 ruby1.9.1 (1.9.3.194-8.1+deb7u2) stable-security; urgency=low
 .
   [ Raphaël Hertzog ]
   * debian/patches/CVE-2013-4164.patch: add upstream patch to fix heap
     overflow in floating point parsing. Closes: #730178




Bug archived. Request was from Debbugs Internal Request <owner@bugs.debian.org> to internal_control@bugs.debian.org. (Sun, 12 Jan 2014 07:32:30 GMT) Full text and rfc822 format available.


Debian bug tracking system administrator <owner@bugs.debian.org>. Last modified: Fri Apr 18 14:17:20 2014; Machine Name: buxtehude.debian.org

Debian Bug tracking system
Copyright (C) 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson.