ruby-devel-1.8.7.374-3.el6_6.i686
[317 KiB] |
Changelog
by Vít Ondruch (2014-11-16):
- Fix REXML billion laughs attack via parameter entity expansion
(CVE-2014-8080).
Resolves: rhbz#1163993
- REXML incomplete fix for CVE-2014-8080 (CVE-2014-8090).
Resolves: rhbz#1163993
|
ruby-devel-1.8.7.374-3.el6_6.x86_64
[317 KiB] |
Changelog
by Vít Ondruch (2014-11-16):
- Fix REXML billion laughs attack via parameter entity expansion
(CVE-2014-8080).
Resolves: rhbz#1163993
- REXML incomplete fix for CVE-2014-8080 (CVE-2014-8090).
Resolves: rhbz#1163993
|
ruby-devel-1.8.7.352-13.el6.x86_64
[313 KiB] |
Changelog
by Vít Ondruch (2013-11-22):
- Workaround build issues against OpenSSL with enabled ECC curves.
- Make DRb compatible with OpenSSL 1.0.1.
* ruby-1.9.3-p222-generate-1024-bits-RSA-key-instead-of-512-bits.patch
- Fix CVE-2013-4164 Heap Overflow in Floating Point Parsing
* ruby-1.9.3-p484-CVE-2013-4164-ignore-too-long-fraction-part-which-does-not-affect-the-result.patch
- Resolves: rhbz#1033500
|
ruby-devel-1.8.7.352-13.el6.i686
[313 KiB] |
Changelog
by Vít Ondruch (2013-11-22):
- Workaround build issues against OpenSSL with enabled ECC curves.
- Make DRb compatible with OpenSSL 1.0.1.
* ruby-1.9.3-p222-generate-1024-bits-RSA-key-instead-of-512-bits.patch
- Fix CVE-2013-4164 Heap Overflow in Floating Point Parsing
* ruby-1.9.3-p484-CVE-2013-4164-ignore-too-long-fraction-part-which-does-not-affect-the-result.patch
- Resolves: rhbz#1033500
|
ruby-devel-1.8.7.352-12.el6_4.i686
[312 KiB] |
Changelog
by Vít Ondruch (2013-07-08):
- Fix regression introduced by CVE-2013-4073
https://bugs.ruby-lang.org/issues/8575
* ruby-2.0.0-p255-Fix-SSL-client-connection-crash-for-SAN-marked-critical.patch
- Related: rhbz#979300
|
ruby-devel-1.8.7.352-12.el6_4.x86_64
[312 KiB] |
Changelog
by Vít Ondruch (2013-07-08):
- Fix regression introduced by CVE-2013-4073
https://bugs.ruby-lang.org/issues/8575
* ruby-2.0.0-p255-Fix-SSL-client-connection-crash-for-SAN-marked-critical.patch
- Related: rhbz#979300
|
ruby-devel-1.8.7.352-10.el6_4.i686
[312 KiB] |
Changelog
by Vít Ondruch (2013-03-01):
- $SAFE escaping vulnerability about Exception#to_s / NameError#to_s
* ruby-1.8.7-p371-CVE-2012-4481.patch
- Related: rhbz#915379
|
ruby-devel-1.8.7.352-10.el6_4.x86_64
[312 KiB] |
Changelog
by Vít Ondruch (2013-03-01):
- $SAFE escaping vulnerability about Exception#to_s / NameError#to_s
* ruby-1.8.7-p371-CVE-2012-4481.patch
- Related: rhbz#915379
|
ruby-devel-1.8.7.352-4.el6_2.x86_64
[311 KiB] |
Changelog
by Vít Ondruch (2011-12-19):
- Address CVE-2011-4815 "DoS (excessive CPU use) via hash meet-in-the-middle
attacks (oCERT-2011-003)"
* ruby-1.8.7-p352-CVE-2011-4815.patch
- Resolves: rhbz#768831
|
ruby-devel-1.8.7.352-4.el6_2.i686
[311 KiB] |
Changelog
by Vít Ondruch (2011-12-19):
- Address CVE-2011-4815 "DoS (excessive CPU use) via hash meet-in-the-middle
attacks (oCERT-2011-003)"
* ruby-1.8.7-p352-CVE-2011-4815.patch
- Resolves: rhbz#768831
|
ruby-devel-1.8.7.299-7.el6_1.1.x86_64
[304 KiB] |
Changelog
by Vít Ondruch (2011-05-02):
- Address CVE-2011-1004 "Symlink race condition by removing directory trees in
fileutils module"
* ruby-1.8.7-CVE-2011-1004.patch
- Address CVE-2011-1005 "Untrusted codes able to modify arbitrary strings"
* ruby-1.8.7-CVE-2011-1005.patch
- Address CVE-2011-0188 "memory corruption in BigDecimal on 64bit platforms"
* ruby-1.8.7-CVE-2011-0188.patch
- Resolves: rhbz#709963
|
ruby-devel-1.8.7.299-7.el6_1.1.i686
[304 KiB] |
Changelog
by Vít Ondruch (2011-05-02):
- Address CVE-2011-1004 "Symlink race condition by removing directory trees in
fileutils module"
* ruby-1.8.7-CVE-2011-1004.patch
- Address CVE-2011-1005 "Untrusted codes able to modify arbitrary strings"
* ruby-1.8.7-CVE-2011-1005.patch
- Address CVE-2011-0188 "memory corruption in BigDecimal on 64bit platforms"
* ruby-1.8.7-CVE-2011-0188.patch
- Resolves: rhbz#709963
|
ruby-devel-1.8.7.299-7.el6.x86_64
[303 KiB] |
Changelog
by Vít Ondruch (2011-02-01):
- Reverted to the readline5. The mentioned version change is relevant only
for Ruby 1.9.
|
ruby-devel-1.8.7.299-7.el6.i686
[303 KiB] |
Changelog
by Vít Ondruch (2011-02-01):
- Reverted to the readline5. The mentioned version change is relevant only
for Ruby 1.9.
|