
[SECURITY] [DLA 200-1] ruby1.9.1 security update



-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Package        : ruby1.9.1
Version        : 1.9.2.0-2+deb6u3
CVE ID         : CVE-2014-4975 CVE-2014-8080 CVE-2014-8090

CVE-2014-4975

    The encodes() function in pack.c had an off-by-one error that could
    lead to a stack-based buffer overflow. This could allow remote
    attackers to cause a denial of service (crash) or arbitrary code
    execution.

CVE-2014-8080, CVE-2014-8090

    The REXML parser could be coerced into allocating large string
    objects that could consume all available memory on the system. This
    could allow remote attackers to cause a denial of service (crash).
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)
-----END PGP SIGNATURE-----
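
The bug class described for CVE-2014-4975, shown as an added illustration that is not part of the advisory and is not the code from Ruby's pack.c. It is a base64 line encoder that stages output in a fixed stack buffer and reserves room for the final padded group and newline before each write. The function name encode_line, the 64-byte staging buffer and the caller-supplied output buffer are assumptions made for the example.

```c
#include <stddef.h>
#include <string.h>

/* Constructed sizes for the illustration; not the values used by Ruby. */
enum { STAGE = 64, UNIT = 4, TAIL = UNIT + 1 /* padded group + '\n' */ };

static const char T[] =
    "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/";

/* Hypothetical helper: base64-encode s[0..len) plus '\n' into out.
   Returns the encoded length, or (size_t)-1 if out (capacity cap,
   including the NUL) is too small. */
size_t encode_line(const unsigned char *s, size_t len, char *out, size_t cap)
{
    char buff[STAGE];                 /* fixed stack staging buffer */
    size_t i = 0, n = 0;
    size_t need = (len + 2) / 3 * UNIT + 1;

    if (need + 1 > cap)
        return (size_t)-1;

    while (len >= 3) {
        /* Flush unless there is room for this group AND the tail.
           Reserving only UNIT bytes here can leave the buffer with too
           little room at loop exit, and the tail below (UNIT + 1
           bytes) then writes past the end of buff. */
        if ((size_t)STAGE - i < (size_t)(UNIT + TAIL)) {
            memcpy(out + n, buff, i);
            n += i;
            i = 0;
        }
        buff[i++] = T[s[0] >> 2];
        buff[i++] = T[((s[0] << 4) | (s[1] >> 4)) & 0x3f];
        buff[i++] = T[((s[1] << 2) | (s[2] >> 6)) & 0x3f];
        buff[i++] = T[s[2] & 0x3f];
        s += 3;
        len -= 3;
    }
    if (len) {                        /* 1 or 2 leftover input bytes */
        unsigned b1 = (len == 2) ? s[1] : 0;
        buff[i++] = T[s[0] >> 2];
        buff[i++] = T[((s[0] << 4) | (b1 >> 4)) & 0x3f];
        buff[i++] = (len == 2) ? T[(b1 << 2) & 0x3f] : '=';
        buff[i++] = '=';
    }
    buff[i++] = '\n';                 /* at most TAIL bytes since the loop */
    memcpy(out + n, buff, i);
    out[n + i] = '\0';
    return n + i;
}
```

Building the test inputs with AddressSanitizer (-fsanitize=address) is a quick way to confirm that a boundary-length input, one that fills the staging buffer and still has leftover bytes, stays inside buff.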

