[SECURITY] Fedora Core 5 Update: ruby-1.8.5.2-1.fc5

Akira Tagoh tagoh at redhat.com
Mon Dec 11 16:13:58 UTC 2006 

---------------------------------------------------------------------
Fedora Update Notification
FEDORA-2006-1440
2006-12-11
---------------------------------------------------------------------

Product     : Fedora Core 5
Name        : ruby
Version     : 1.8.5.2
Release     : 1.fc5
Summary     : An interpreter of object-oriented scripting language
Description :
Ruby is the interpreted scripting language for quick and easy
object-oriented programming.  It has many features to process text
files and to do system management tasks (as in Perl).  It is simple,
straight-forward, and extensible.

---------------------------------------------------------------------

* Mon Dec 11 2006 Akira TAGOH <tagoh at redhat.com> - 1.8.5.2-1
- security fix release. (#218289)
* Fri Oct 27 2006 Akira TAGOH <tagoh at redhat.com> - 1.8.5-1
- security fix release.
- ruby-1.8.5-cgi-CVE-2006-5467.patch: fix a CGI multipart parsing bug that
  causes the denial of service. (#212396)
- backport fixes from devel.
  - fixed rbconfig.rb to refer to DESTDIR for sitearchdir. (#207311)
  - updates to 1.8.5
    - removed the unnecessary patches:
      ruby-1.8.4-no-eaccess.patch, ruby-1.8.4-64bit-pack.patch,
      ruby-1.8.4-fix-insecure-dir-operation.patch,
      ruby-1.8.4-fix-insecure-regexp-modification.patch,
      ruby-1.8.4-fix-alias-safe-level.patch.
    - build with --enable-pthread except on ppc.
  - ruby-1.8.5-hash-memory-leak.patch: backported from CVS to fix a memory leak
    on Hash. [ruby-talk:211233]
  - owns sitearchdir. (#201208)
* Thu Jul 20 2006 Akira TAGOH <tagoh at redhat.com> - 1.8.4-8
- security fixes [CVE-2006-3694]
  - ruby-1.8.4-fix-insecure-dir-operation.patch:
  - ruby-1.8.4-fix-insecure-regexp-modification.patch: fixed the insecure
    operations in the certain safe-level restrictions. (#199538)
  - ruby-1.8.4-fix-alias-safe-level.patch: fixed to not bypass the certain
    safe-level restrictions. (#199543)
* Mon Jun 19 2006 Akira TAGOH <tagoh at redhat.com> - 1.8.4-7.fc5
- fixed the wrong file list again. moved tcltk library into ruby-tcltk.
  (#195872)
* Thu Jun  8 2006 Akira TAGOH <tagoh at redhat.com> - 1.8.4-5.fc5
- ruby-deprecated-search-path.patch: applied to add more search path
  for backward compatibility.
- added byacc to BuildReq.
- exclude ppc64 to make ruby-mode package. right now emacs.ppc64 isn't provided
  and buildsys became much stricter.
* Wed May 17 2006 Akira TAGOH <tagoh at redhat.com> - 1.8.4-4.fc5
- correct sitelibdir. (#184198)
- ruby-rubyprefix.patch: moved all arch-independent modules under /usr/lib/ruby
  and keep arch-dependent modules under /usr/lib64/ruby for 64bit archs.
  so 'rubylibdir', 'sitelibdir' and 'sitedir' in Config::CONFIG points to
  the kind of /usr/lib/ruby now. (#184199)
- ruby-deprecated-search-path.patch: added the deprecated installation paths
  to the search path for the backward compatibility.
- added a Provides: ruby(abi) to ruby-libs.
- ruby-1.8.4-64bit-pack.patch: backport patch from upstream to fix unpack("l")
  not working on 64bit arch and integer overflow on template "w". (#189350)
- updated License tag to be more comfortable, and with a pointer to get more
  details, like Python package does. (#179933)
- clean up.

---------------------------------------------------------------------
This update can be downloaded from:
    http://download.fedora.redhat.com/pub/fedora/linux/core/updates/5/

7ce81d3d2a19ce1b9c52b51fa04d1e8b1c8f7499  SRPMS/ruby-1.8.5.2-1.fc5.src.rpm
7ce81d3d2a19ce1b9c52b51fa04d1e8b1c8f7499  noarch/ruby-1.8.5.2-1.fc5.src.rpm
fffc6f292c90479b4882d006a1e61d1defe652b7  ppc/ruby-ri-1.8.5.2-1.fc5.ppc.rpm
c218e8195ff354bc48b49b0eecb9dc5180cc8393  ppc/ruby-rdoc-1.8.5.2-1.fc5.ppc.rpm
ec3b39b1f02c7a472f16a5f0b6ea762b6141c95f  ppc/ruby-libs-1.8.5.2-1.fc5.ppc.rpm
450fe21a323aca1197e05296753ff1a682232e5c  ppc/ruby-irb-1.8.5.2-1.fc5.ppc.rpm
6b7ae8911cd61643cd8b0b0b6a83fe35064daa6f  ppc/ruby-1.8.5.2-1.fc5.ppc.rpm
33691cebb4b6adab1339876dcdf1c80d6ba5cc12  ppc/ruby-devel-1.8.5.2-1.fc5.ppc.rpm
b49f473f686431cda259b9ad0fc3112c26faa901  ppc/ruby-mode-1.8.5.2-1.fc5.ppc.rpm
319da4b82d36f2b8001d6637ffb49551295de40a  ppc/ruby-tcltk-1.8.5.2-1.fc5.ppc.rpm
fffacda5a7a9c3b7e67da4c5311184ab88d89a09  ppc/debug/ruby-debuginfo-1.8.5.2-1.fc5.ppc.rpm
32d8c171fa5450b13966e2f45046db026868b325  ppc/ruby-docs-1.8.5.2-1.fc5.ppc.rpm
60750e80aeba7c65cc2437ec3197dd72ca456b1c  x86_64/ruby-irb-1.8.5.2-1.fc5.x86_64.rpm
f56285ca4e8e23e999d25982dce191ad91647801  x86_64/ruby-devel-1.8.5.2-1.fc5.x86_64.rpm
957b5d7fab1873e0d2aa300ca66a69d35d128eb4  x86_64/ruby-mode-1.8.5.2-1.fc5.x86_64.rpm
8a4991a738c757b60f84d99836eb9544e22fa1d3  x86_64/ruby-rdoc-1.8.5.2-1.fc5.x86_64.rpm
7ee23df67f795c6db0a61944f714140db56e7b44  x86_64/debug/ruby-debuginfo-1.8.5.2-1.fc5.x86_64.rpm
1493c4bc7d6427bc871ec2caebc378cd04943bfd  x86_64/ruby-1.8.5.2-1.fc5.x86_64.rpm
fcd748713afb8373778256f94075068a3ffe4d76  x86_64/ruby-ri-1.8.5.2-1.fc5.x86_64.rpm
4d26ca6f7f397593ac9350b4d7491344d4dffc17  x86_64/ruby-tcltk-1.8.5.2-1.fc5.x86_64.rpm
aabc208072b1aacb5b38416512c49f6c541a3c03  x86_64/ruby-libs-1.8.5.2-1.fc5.x86_64.rpm
7ea3434c13b7ccbf46a857950dcf360e271e72f3  x86_64/ruby-docs-1.8.5.2-1.fc5.x86_64.rpm
92713e123e949293e3b21e84d4b89aead6c63f56  i386/debug/ruby-debuginfo-1.8.5.2-1.fc5.i386.rpm
0eba418c244365612c006052aceaae3bbea6e99b  i386/ruby-1.8.5.2-1.fc5.i386.rpm
9fde02ec000fea4f1afbe7ed0251692c7fcc0ec2  i386/ruby-rdoc-1.8.5.2-1.fc5.i386.rpm
e9ccf8c7a58f5388be5d85726f718c48d1d0af11  i386/ruby-libs-1.8.5.2-1.fc5.i386.rpm
d4cb1fd7c1a643c7f6fc1c0e5f2ec78f147036c1  i386/ruby-tcltk-1.8.5.2-1.fc5.i386.rpm
90b7a6bd6a6f012b2cff021fea238ba81c8a8209  i386/ruby-mode-1.8.5.2-1.fc5.i386.rpm
df8af0fb438e5155127ce00d8329078108972fc9  i386/ruby-docs-1.8.5.2-1.fc5.i386.rpm
87931e5ecffbc0982fed03e8fbfbeda20505e75e  i386/ruby-devel-1.8.5.2-1.fc5.i386.rpm
21f187e12a24f41396c231298b10e79e9b268a87  i386/ruby-ri-1.8.5.2-1.fc5.i386.rpm
e2162b3e13fd4a418bd325f96352f7e13b7bb532  i386/ruby-irb-1.8.5.2-1.fc5.i386.rpm

This update can be installed with the 'yum' update program.  Use 'yum update
package-name' at the command line.  For more information, refer to 'Managing
Software with yum,' available at http://fedora.redhat.com/docs/yum/.
---------------------------------------------------------------------

More information about the package-announce mailing list