diff -Nru ruby1.9.1-1.9.3.194/debian/changelog ruby1.9.1-1.9.3.194/debian/changelog
--- ruby1.9.1-1.9.3.194/debian/changelog 2012-06-02 04:10:26.000000000 -0700
+++ ruby1.9.1-1.9.3.194/debian/changelog 2012-09-28 00:09:06.000000000 -0700
@@ -1,3 +1,19 @@
+ruby1.9.1 (1.9.3.194-1ubuntu1) quantal; urgency=low
+
+ * SECURITY UPDATE: Safe level bypass
+ - debian/patches/20120927-cve_2011_1005.patch: Remove incorrect string
+ taint in exception handling methods. Based on upstream patch.
+ - CVE-2011-1005
+ * Make the RubyGems fetcher use distro-provided ca-certificates
+ (LP: #1057926)
+ - debian/control: Add ca-certificates to libruby1.9.1 depends so that
+ rubygems can perform certificate verification
+ - debian/rules: Don't install SSL certificates from upstream sources
+ - debian/patches/20120927-rubygems_disable_upstream_certs.patch: Use
+ /etc/ssl/certs/ca-certificates.crt for the trusted CA certificates.
+
+ -- Tyler Hicks Thu, 27 Sep 2012 20:37:54 -0700
+
 ruby1.9.1 (1.9.3.194-1) unstable; urgency=low
 [ Lucas Nussbaum ]
diff -Nru ruby1.9.1-1.9.3.194/debian/control ruby1.9.1-1.9.3.194/debian/control
--- ruby1.9.1-1.9.3.194/debian/control 2012-05-27 15:47:25.000000000 -0700
+++ ruby1.9.1-1.9.3.194/debian/control 2012-09-28 00:09:06.000000000 -0700
@@ -1,7 +1,8 @@
 Source: ruby1.9.1
 Section: ruby
 Priority: optional
-Maintainer: akira yamada
+Maintainer: Ubuntu Developers
+XSBC-Original-Maintainer: akira yamada
 Uploaders: Daigo Moriwaki , Lucas Nussbaum , Antonio Terceiro
 Build-Depends: debhelper (>= 9.0), cdbs (>= 0.4.106), quilt, patch, autoconf, m4, bison, libgdbm-dev, libncursesw5-dev, libncurses5-dev, libreadline6-dev, tcl-dev, tk-dev, zlib1g-dev, libssl-dev, procps, file, libffi-dev, ruby1.8, libyaml-dev, openssl, chrpath, coreutils (>= 7.5-1)
 Standards-Version: 3.9.3
@@ -29,7 +30,7 @@
 Package: libruby1.9.1
 Section: libs
 Architecture: any
-Depends: ${shlibs:Depends}, ${misc:Depends}
+Depends: ca-certificates, ${shlibs:Depends}, ${misc:Depends}
 Conflicts: libdbm-ruby1.9.1, libgdbm-ruby1.9.1, libreadline-ruby1.9.1, libopenssl-ruby1.9.1, irb1.8 (<< 1.9.1.378-2~), rdoc1.8 (<< 1.9.1.378-2~)
 Replaces: libdbm-ruby1.9.1, libgdbm-ruby1.9.1, libreadline-ruby1.9.1, libopenssl-ruby1.9.1, irb1.8, rdoc1.8
 Provides: libdbm-ruby1.9.1, libgdbm-ruby1.9.1, libreadline-ruby1.9.1, libopenssl-ruby1.9.1
diff -Nru ruby1.9.1-1.9.3.194/debian/patches/20120927-cve_2011_1005.patch ruby1.9.1-1.9.3.194/debian/patches/20120927-cve_2011_1005.patch
--- ruby1.9.1-1.9.3.194/debian/patches/20120927-cve_2011_1005.patch 1969-12-31 16:00:00.000000000 -0800
+++ ruby1.9.1-1.9.3.194/debian/patches/20120927-cve_2011_1005.patch 2012-09-28 00:09:06.000000000 -0700
@@ -0,0 +1,60 @@
+Description: Prevent untainted strings from being incorrectly tainted
+ This flaw allowed untainted strings to be tainted and modified, even in
+ safe level 4.
+Origin: backport, http://svn.ruby-lang.org/cgi-bin/viewvc.cgi?revision=30903&view=revision
+Index: ruby1.9.1-1.9.3.194/error.c
+===================================================================
+--- ruby1.9.1-1.9.3.194.orig/error.c 2012-02-25 04:32:19.000000000 -0800
++++ ruby1.9.1-1.9.3.194/error.c 2012-09-26 10:10:15.164576749 -0700
+@@ -569,7 +569,6 @@
+
+ if (NIL_P(mesg)) return rb_class_name(CLASS_OF(exc));
+ r = rb_String(mesg);
+- OBJ_INFECT(r, exc);
+ return r;
+ }
+
+@@ -854,10 +853,9 @@
+ if (NIL_P(mesg)) return rb_class_name(CLASS_OF(exc));
+ StringValue(str);
+ if (str != mesg) {
+- rb_iv_set(exc, "mesg", mesg = str);
++ OBJ_INFECT(str, mesg);
+ }
+- OBJ_INFECT(mesg, exc);
+- return mesg;
++ return str;
+ }
+
+ /*
+Index: ruby1.9.1-1.9.3.194/test/ruby/test_exception.rb
+===================================================================
+--- ruby1.9.1-1.9.3.194.orig/test/ruby/test_exception.rb 2012-02-07 16:44:05.000000000 -0800
++++ ruby1.9.1-1.9.3.194/test/ruby/test_exception.rb 2012-09-26 10:10:15.164576749 -0700
+@@ -333,4 +333,26 @@
+ load(t.path)
+ end
+ end
++
++ def test_to_s_taintness_propagation
++ for exc in [Exception, NameError]
++ m = "abcdefg"
++ e = exc.new(m)
++ e.taint
++ s = e.to_s
++ assert_equal(false, m.tainted?,
++ "#{exc}#to_s should not propagate taintness")
++ assert_equal(false, s.tainted?,
++ "#{exc}#to_s should not propagate taintness")
++ end
++
++ o = Object.new
++ def o.to_str
++ "foo"
++ end
++ o.taint
++ e = NameError.new(o)
++ s = e.to_s
++ assert_equal(true, s.tainted?)
++ end
+ end
diff -Nru ruby1.9.1-1.9.3.194/debian/patches/20120927-rubygems_disable_upstream_certs.patch ruby1.9.1-1.9.3.194/debian/patches/20120927-rubygems_disable_upstream_certs.patch
--- ruby1.9.1-1.9.3.194/debian/patches/20120927-rubygems_disable_upstream_certs.patch 1969-12-31 16:00:00.000000000 -0800
+++ ruby1.9.1-1.9.3.194/debian/patches/20120927-rubygems_disable_upstream_certs.patch 2012-09-28 00:09:07.000000000 -0700
@@ -0,0 +1,30 @@
+Description: Use the certificates maintained by the distro
+ Rather than using the certificates packaged in the upstream sources to verify
+ server SSL certificates, use the certificates provided by the ca-certificates
+ package.
+Author: Tyler Hicks
+Forwarded: not-needed
+Index: ruby1.9.1-1.9.3.194/lib/rubygems/remote_fetcher.rb
+===================================================================
+--- ruby1.9.1-1.9.3.194.orig/lib/rubygems/remote_fetcher.rb 2012-09-27 10:48:23.046684546 -0700
++++ ruby1.9.1-1.9.3.194/lib/rubygems/remote_fetcher.rb 2012-09-27 10:48:42.590685014 -0700
+@@ -8,7 +8,7 @@
+
+ class Gem::RemoteFetcher
+
+- BuiltinSSLCerts = File.expand_path("./ssl_certs/*.pem", File.dirname(__FILE__))
++ BuiltinSSLCerts = "/etc/ssl/certs/ca-certificates.crt"
+
+ include Gem::UserInteraction
+
+@@ -354,8 +354,8 @@
+ end
+
+ def add_rubygems_trusted_certs(store)
+- Dir.glob(BuiltinSSLCerts).each do |ssl_cert_file|
+- store.add_file ssl_cert_file
++ if File.file? BuiltinSSLCerts
++ store.add_file BuiltinSSLCerts
+ end
+ end
+
diff -Nru ruby1.9.1-1.9.3.194/debian/patches/series ruby1.9.1-1.9.3.194/debian/patches/series
--- ruby1.9.1-1.9.3.194/debian/patches/series 2012-05-27 15:46:34.000000000 -0700
+++ ruby1.9.1-1.9.3.194/debian/patches/series 2012-09-28 00:32:14.000000000 -0700
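Review bot: The DEP-3 header of the new patch never names CVE-2011-1005; only debian/changelog does, so a reader of debian/patches alone cannot tie the error.c change to the advisory. Prefixing the identifier to the first header line, `Description: CVE-2011-1005: Prevent untainted strings from being incorrectly tainted`, keeps the patch self-describing across later rebases. The header also does not say that the second error.c hunk drops the `rb_iv_set(exc, "mesg", mesg = str)` write, so the converted message is no longer cached in the exception's mesg ivar and (judging from the new test, this is NameError#to_s) the `to_str` conversion now runs on every call; that is part of the upstream change, but one sentence in the long description would spare a future maintainer the surprise. The C functions enclosing both inner hunks start before the hunks, so their signatures and the origin of `mesg`/`str` are not visible here.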
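Review bot: The `if File.file? BuiltinSSLCerts` guard in add_rubygems_trusted_certs silently adds nothing when /etc/ssl/certs/ca-certificates.crt is absent, so a missing or broken ca-certificates install leaves the store without these anchors and presumably turns every HTTPS gem fetch into an unexplained verification failure (how the store is consumed lies outside this hunk). The Depends added in debian/control covers installed packages but not a build chroot or a manually removed bundle, so the guard deserves an `else` that reports the condition, e.g. `else` / `warn "#{BuiltinSSLCerts} not found; no distro CA certificates were added to the trust store"`. The constant name BuiltinSSLCerts is now a misnomer since nothing is built in any more; renaming it would change a public constant, so a comment above it such as `# Distro-maintained CA bundle (ca-certificates package); upstream's ssl_certs/*.pem are deliberately not installed` would explain the divergence from upstream to future rebasers.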
@@ -16,3 +16,5 @@
 110829-hurd_dirent_usage.patch
 hurd-path-max.diff
 20120517-r35434.patch
+20120927-cve_2011_1005.patch
+20120927-rubygems_disable_upstream_certs.patch
diff -Nru ruby1.9.1-1.9.3.194/debian/rules ruby1.9.1-1.9.3.194/debian/rules
--- ruby1.9.1-1.9.3.194/debian/rules 2012-06-02 03:35:36.000000000 -0700
+++ ruby1.9.1-1.9.3.194/debian/rules 2012-09-28 00:09:07.000000000 -0700
@@ -170,7 +170,8 @@
 for f in libruby-$(ruby_ver).so.$(ruby_ver) libruby-$(ruby_ver).so.$(ruby_ver_major); do \
 echo usr/lib/$$f; \
 done) | xargs dh_movefiles -p$(cdbs_curpkg)
- dh_movefiles -p$(cdbs_curpkg) $(ruby_libdir)
+ # Do not install the SSL certs bundled in the upstream source
+ dh_movefiles -p$(cdbs_curpkg) -Xssl_certs $(ruby_libdir)
 cd $(DEB_SRCDIR)/ext && \
 for dir in \