Comment 3 for bug 385436

Launchpad Janitor (janitor) wrote :

This bug was fixed in the package ruby1.8 - 1.8.6.111-2ubuntu1.3

---------------
ruby1.8 (1.8.6.111-2ubuntu1.3) hardy-security; urgency=low

  * SECURITY UPDATE: certificate spoofing via invalid return value check
    in OCSP_basic_verify
    - debian/patches/904_security_CVE-2009-0642.dpatch: also check for -1
      return code in ext/openssl/ossl_ocsp.c.
    - CVE-2009-0642
  * SECURITY UPDATE: denial of service in BigDecimal library via string
    argument that represents a large number (LP: #385436)
    - debian/patches/905_security_CVE-2009-1904.dpatch: handle large
      numbers properly in ext/bigdecimal/bigdecimal.c.
    - CVE-2009-1904

 -- Marc Deslauriers <email address hidden> Wed, 15 Jul 2009 13:06:03 -0400