ruby2.3.git
8 years ago Merge ruby2.3 (2.3.3-1+deb9u1+rpi1) import into refs/heads/workingbranch
Peter Michael Green [Sat, 21 Oct 2017 22:40:37 +0000 (23:40 +0100)]
Merge ruby2.3 (2.3.3-1+deb9u1+rpi1) import into refs/heads/workingbranch

8 years ago debian-changes
Antonio Terceiro [Sat, 21 Oct 2017 22:40:37 +0000 (23:40 +0100)]
debian-changes

This patch file represents the entire difference between the package as shipped
by Debian and the official upstream sources. The goal is to maintain this file
as small as possible, avoiding non-upstreamed patches at all costs.

The Debian packaging is maintained in the following Git repository:

  http://anonscm.debian.org/gitweb/?p=collab-maint/ruby.git

To obtain a view of the individual commits that affect non-Debian-specific
files, you can clone that repository, and from the master branch, run:

  $ ./debian/upstream-changes

Gbp-Pq: Name debian-changes

8 years ago ruby2.3 (2.3.3-1+deb9u1+rpi1) stretch-staging; urgency=medium
Peter Michael Green [Sat, 21 Oct 2017 22:40:37 +0000 (23:40 +0100)]
ruby2.3 (2.3.3-1+deb9u1+rpi1) stretch-staging; urgency=medium

  * Disable testsuite.

[dgit import unpatched ruby2.3 2.3.3-1+deb9u1+rpi1]

8 years ago Import ruby2.3_2.3.3-1+deb9u1+rpi1.debian.tar.xz
Peter Michael Green [Sat, 21 Oct 2017 22:40:37 +0000 (23:40 +0100)]
Import ruby2.3_2.3.3-1+deb9u1+rpi1.debian.tar.xz

[dgit import tarball ruby2.3 2.3.3-1+deb9u1+rpi1 ruby2.3_2.3.3-1+deb9u1+rpi1.debian.tar.xz]

8 years ago debian-changes
Antonio Terceiro [Sat, 2 Sep 2017 18:11:07 +0000 (19:11 +0100)]
debian-changes

This patch file represents the entire difference between the package as shipped
by Debian and the official upstream sources. The goal is to maintain this file
as small as possible, avoiding non-upstreamed patches at all costs.

The Debian packaging is maintained in the following Git repository:

  http://anonscm.debian.org/gitweb/?p=collab-maint/ruby.git

To obtain a view of the individual commits that affect non-Debian-specific
files, you can clone that repository, and from the master branch, run:

  $ ./debian/upstream-changes

Gbp-Pq: Name debian-changes

8 years ago ruby2.3 (2.3.3-1+deb9u1) stretch-security; urgency=high
Antonio Terceiro [Sat, 2 Sep 2017 18:11:07 +0000 (19:11 +0100)]
ruby2.3 (2.3.3-1+deb9u1) stretch-security; urgency=high

  * Fix arbitrary heap exposure problem in the JSON library (Closes: #873906)
    [CVE-2017-14064]
    - Backported for Ruby 2.3 by Hiroshi SHIBATA <hsbt@ruby-lang.org>
      https://bugs.ruby-lang.org/issues/13853
  * Fix multiple security vulnerabilities in Rubygems (Closes: #873802)
    - Fix a DNS request hijacking vulnerability. Discovered by Jonathan
      Claudius, fix by Samuel Giddins.
      [CVE-2017-0902]
    - Fix an ANSI escape sequence vulnerability. Discovered by Yusuke Endoh,
      fix by Evan Phoenix.
      [CVE-2017-0899]
    - Fix a DOS vulnerability in the query command. Discovered by Yusuke
      Endoh, fix by Samuel Giddins.
      [CVE-2017-0900]
    - Fix a vulnerability in the gem installer that allowed a malicious gem to
      overwrite arbitrary files. Discovered by Yusuke Endoh, fix by Samuel
      Giddins.
      [CVE-2017-0901]
  * Fix SMTP comment injection (Closes: #864860)
    Patch by Shugo Maeda <shugo@ruby-lang.org>
    [CVE-2015-9096]
  * Fix IV Reuse in GCM Mode (Closes: #842432)
    Patch by Kazuki Yamaguchi <k@rhe.jp>
    [CVE-2016-7798]

[dgit import unpatched ruby2.3 2.3.3-1+deb9u1]

8 years ago Import ruby2.3_2.3.3-1+deb9u1.debian.tar.xz
Antonio Terceiro [Sat, 2 Sep 2017 18:11:07 +0000 (19:11 +0100)]
Import ruby2.3_2.3.3-1+deb9u1.debian.tar.xz

[dgit import tarball ruby2.3 2.3.3-1+deb9u1 ruby2.3_2.3.3-1+deb9u1.debian.tar.xz]

9 years ago Import ruby2.3_2.3.3.orig.tar.xz
Christian Hofstaedtler [Tue, 22 Nov 2016 12:32:41 +0000 (12:32 +0000)]
Import ruby2.3_2.3.3.orig.tar.xz

[dgit import orig ruby2.3_2.3.3.orig.tar.xz]