Sync ruby2.0 2.0.0.353-1 (main) from Debian unstable (main)

Bug #1257609 reported by Logan Rosen
Affects: ruby2.0 (Ubuntu)
Status: Fix Released
Importance: Wishlist
Assigned to: Unassigned

Bug Description

Please sync ruby2.0 2.0.0.353-1 (main) from Debian unstable (main)

Explanation of the Ubuntu delta and why it can be dropped:
  * SECURITY UPDATE: denial of service and possible code execution via
    heap overflow in floating point parsing.
    - debian/patches/CVE-2013-4164.patch: check lengths in util.c, added
      test to test/ruby/test_float.rb.
    - CVE-2013-4164
This CVE was fixed in the new upstream release, as noted in Debian's changelog.

Changelog entries since current trusty version 2.0.0.343-1ubuntu1:

ruby2.0 (2.0.0.353-1) unstable; urgency=low

  * New upstream release
    + Includes fix for Heap Overflow in Floating Point Parsing (CVE-2013-4164)
      Closes: #730190

 -- Antonio Terceiro <email address hidden> Mon, 25 Nov 2013 22:34:25 -0300
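Two checks a practitioner would want for this CVE, written as an added example for this page (not code from the bug report, the Debian/Ubuntu packaging or Ruby's own test suite). The first decides from RUBY_VERSION and RUBY_PATCHLEVEL whether an interpreter carries the util.c length checks, using the fixed releases named in the upstream advisory for CVE-2013-4164 (1.9.3-p484, 2.0.0-p353, 2.1.0 and later). The second parses a float literal with a very long fraction part in a child interpreter, so that a crash in a vulnerable build shows up as a failed exit status instead of killing the caller; that literal is a constructed input of the shape the advisory describes, not the regression test that was added to test/ruby/test_float.rb.

```ruby
# Added example for CVE-2013-4164 (heap overflow in Ruby's float string
# parsing, util.c ruby_strtod). Not part of the bug report or the packages.
require "rbconfig"

# Upstream patchlevels that carry the fix, per the Ruby security advisory.
# Versions 2.1.0 and later are fixed regardless of patchlevel.
FIXED_PATCHLEVEL = { "1.9.3" => 484, "2.0.0" => 353 }.freeze

# True when the given version/patchlevel includes the util.c length checks.
# A patchlevel of -1 means a development build; treat it as not verified.
def cve_2013_4164_fixed?(version = RUBY_VERSION, patchlevel = RUBY_PATCHLEVEL)
  parts = version.split(".").map(&:to_i)
  return true if (parts <=> [2, 1, 0]) >= 0
  needed = FIXED_PATCHLEVEL[version]
  return false if needed.nil? || patchlevel.nil? || patchlevel < 0
  patchlevel >= needed
end

# Constructed trigger shape (an assumption, not the upstream test): a float
# literal whose fraction part has tens of thousands of digits. The value
# "1.000...01" rounds to exactly 1.0 in a double, which the child verifies.
LONG_FRACTION_DIGITS = 60_000

# Parse the long literal in a separate ruby process so a SIGSEGV in a
# vulnerable build becomes a false return value here. system() returns
# true only when the child exits with status 0.
def long_fraction_parses_cleanly?(ruby = RbConfig.ruby, digits = LONG_FRACTION_DIGITS)
  script = 'n = Integer(ARGV[0]); exit(Float("1." + ("0" * n) + "1") == 1.0 ? 0 : 2)'
  system(ruby, "--disable-gems", "-e", script, digits.to_s) == true
end

if $PROGRAM_NAME == __FILE__
  puts "interpreter #{RUBY_VERSION}p#{RUBY_PATCHLEVEL}: fix present? #{cve_2013_4164_fixed?}"
  puts "long fraction parses without crashing? #{long_fraction_parses_cleanly?}"
end
```

On the package side, `dpkg -s ruby2.0` shows the installed Version field; for trusty the fixed package is 2.0.0.353-1 or later. The version check alone cannot see a distribution backport that kept an older patchlevel string, which is why the child-process check is there as well.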

CVE References: CVE-2013-4164

Logan Rosen (logan)
Changed in ruby2.0 (Ubuntu):
importance: Undecided → Wishlist
Marc Deslauriers (mdeslaur) wrote:

This bug was fixed in the package ruby2.0 - 2.0.0.353-1
Sponsored for Logan Rosen (logan)

---------------
ruby2.0 (2.0.0.353-1) unstable; urgency=low

  * New upstream release
    + Includes fix for Heap Overflow in Floating Point Parsing (CVE-2013-4164)
      Closes: #730190

 -- Antonio Terceiro <email address hidden> Mon, 25 Nov 2013 22:34:25 -0300

Changed in ruby2.0 (Ubuntu):
status: New → Fix Released