ruby-1.8.1-18.el4.x86_64
[159 KiB] |
Changelog
by Vít Ondruch (2012-01-13):
- Simplified fix for CVE-2011-4815.
- Properly initialize the random number generator when forking new process
* ruby-1.8.7-CVE-2011-3009.patch
- Related: rhbz#768828
|
ruby-1.8.1-16.el4.x86_64
[159 KiB] |
Changelog
by Vít Ondruch (2011-06-06):
- Comply with guidelines
- Related: rhbz#709959
|
ruby-1.8.1-7.el4_8.3.x86_64
[158 KiB] |
Changelog
by Akira TAGOH (2009-06-17):
- security fixes. (#505085)
- CVE-2007-1558: APOP password disclosure vulnerability.
- CVE-2009-0642: Incorrect checks for validity of X.509 certificates.
- CVE-2009-1904: DoS vulnerability in BigDecimal.
|
ruby-1.8.1-7.el4_7.2.x86_64
[158 KiB] |
Changelog
by Akira TAGOH (2008-11-19):
- security fix (#472067)
- CVE-2008-4310: real fix for CVE-2008-3656. original patch named as fix for
CVE-2008-3656 actually fixed different issue (CVE-2008-1145),
hence we are providing correct patch and renaming original
patch to refer to proper CVE.
|
ruby-1.8.1-7.el4_7.1.x86_64
[156 KiB] |
Changelog
by Akira TAGOH (2008-10-08):
- security fixes. (#461579)
- CVE-2008-3655: multiple insufficient safe mode restrictions.
- CVE-2008-3656: WEBrick DoS vulnerability (CPU consumption).
- CVE-2008-3657: missing "taintness" checks in dl module.
- CVE-2008-3905: use of predictable source port and transaction id in DNS
requests done by resolv.rb module.
- CVE-2008-3443: Memory allocation failure in Ruby regex engine
(remotely exploitable DoS).
- CVE-2008-3790: DoS vulnerability in the REXML module.
|
ruby-1.8.1-7.el4_6.1.x86_64
[156 KiB] |
Changelog
by Akira TAGOH (2008-07-02):
- security fixes. (#451926)
- CVE-2008-2662: Integer overflow in rb_str_buf_append().
- CVE-2008-2663: Integer overflow in rb_ary_store().
- CVE-2008-2664: Unsafe use of alloca in rb_str_format().
- CVE-2008-2725: Integer overflow in rb_ary_update().
- CVE-2008-2726: Integer overflow in rb_ary_update().
- CVE-2008-2376: Integer overflow in rb_ary_fill().
|
ruby-1.8.1-7.EL4.8.1.x86_64
[155 KiB] |
Changelog
by Akira TAGOH (2007-10-27):
- security fixes (#320371)
- ruby-1.8.1-cgi-CVE-2006-6303.patch: fix an infinite loop with certain HTTp
request.
- ruby-1.8.1-CVE-2007-5162.patch: fix an insufficient verification of SSL
certificate.
|
ruby-1.8.1-7.EL4.8.x86_64
[155 KiB] |
Changelog
by Akira TAGOH (2006-11-01):
- BR tcl-devel and tk-devel instead of tcl and tk.
|
ruby-1.8.1-7.EL4.6.x86_64
[155 KiB] |
Changelog
by Akira TAGOH (2006-07-20):
- security fixes [CVE-2006-3694]
- fixed the insecure operations on Dir and Regexp in the certain safe-level
restrictions. (#199539)
- fixed to not bypass the certain safe-level restrictions. (#199545)
|
ruby-1.8.1-7.EL4.3.x86_64
[154 KiB] |
Changelog
by Akira TAGOH (2006-04-21):
- security fix [CVE-2006-1931]
- ruby-1.8.2-webrick-dos-1.patch: a patch to read data with non-blocking I/O.
- ruby-1.8.2-xmlrpc-dos-1.patch: a patch to use WEBrick's HTTPServer class to
avoid the above issue as well.
|
ruby-1.8.1-7.EL4.2.x86_64
[154 KiB] |
Changelog
by Akira TAGOH (2005-10-05):
- security fix [CAN-2005-2337]
- ruby-1.8.1-safe-CAN-2005-2337.patch: a patch to preserve safe level in
the environment where a method is defined. (#169575)
|
ruby-1.8.1-7.EL4.1.x86_64
[154 KiB] |
Changelog
by Akira TAGOH (2005-06-21):
- security fix [CAN-2005-1992]
- ruby-1.8.2-tcltk-multilib.patch: applied to get tcltklib.so built.
- ruby-1.8.2-xmlrpc-CAN-2005-1992.patch: applied to fix the arbitrary command
execution on XMLRPC server. (#161095)
|