rpms/ruby/F-9 .cvsignore, 1.25, 1.26 ruby.spec, 1.116, 1.117 sources, 1.23, 1.24 ruby-1.8.6.111-CVE-2007-5162.patch, 1.1, NONE

Akira TAGOH (tagoh) fedora-extras-commits at redhat.com
Tue Jun 24 03:20:00 UTC 2008


Author: tagoh

Update of /cvs/pkgs/rpms/ruby/F-9
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv30464

Modified Files:
	.cvsignore ruby.spec sources 
Removed Files:
	ruby-1.8.6.111-CVE-2007-5162.patch 
Log Message:
* Tue Jun 24 2008 Akira TAGOH <tagoh at redhat.com> - 1.8.6.230-1
- New upstream release.
- Security fixes. (#452294).
  - CVE-2008-1891: WEBrick CGI source disclosure.
  - CVE-2008-2662: Integer overflow in rb_str_buf_append().
  - CVE-2008-2663: Integer overflow in rb_ary_store().
  - CVE-2008-2664: Unsafe use of alloca in rb_str_format().
  - CVE-2008-2725: Integer overflow in rb_ary_splice().
  - CVE-2008-2726: Integer overflow in rb_ary_splice().
- ruby-1.8.6.111-CVE-2007-5162.patch: removed.


Index: .cvsignore
===================================================================
RCS file: /cvs/pkgs/rpms/ruby/F-9/.cvsignore,v
retrieving revision 1.25
retrieving revision 1.26
diff -u -r1.25 -r1.26
--- .cvsignore	10 Mar 2008 04:28:30 -0000	1.25
+++ .cvsignore	24 Jun 2008 03:19:02 -0000	1.26
@@ -21,3 +21,4 @@
 rubyfaq-990927.tar.gz
 rubyfaq-jp-990927.tar.gz
 ruby-1.8.6-p114.tar.bz2
+ruby-1.8.6-p230.tar.bz2


Index: ruby.spec
===================================================================
RCS file: /cvs/pkgs/rpms/ruby/F-9/ruby.spec,v
retrieving revision 1.116
retrieving revision 1.117
diff -u -r1.116 -r1.117
--- ruby.spec	10 Mar 2008 05:27:02 -0000	1.116
+++ ruby.spec	24 Jun 2008 03:19:02 -0000	1.117
@@ -1,6 +1,6 @@
 %define	rubyxver	1.8
 %define	rubyver		1.8.6
-%define _patchlevel	114
+%define _patchlevel	230
 %define dotpatchlevel	%{?_patchlevel:.%{_patchlevel}}
 %define patchlevel	%{?_patchlevel:-p%{_patchlevel}}
 %define	arcver		%{rubyver}%{?patchlevel}
@@ -35,7 +35,6 @@
 Patch21:	ruby-deprecated-sitelib-search-path.patch
 Patch22:	ruby-deprecated-search-path.patch
 Patch23:	ruby-multilib.patch
-Patch24:	ruby-1.8.6.111-CVE-2007-5162.patch
 Patch25:	ruby-1.8.6.111-gcc43.patch
 
 Summary:	An interpreter of object-oriented scripting language
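Review bot: The Patch24 removal drops the CVE-2007-5162 fix from the build, and nothing visible in this hunk records why. The matching changelog entry only says "removed"; if the p230 tarball already contains that fix, say so there (for example "removed, fixed upstream") so the drop is not read as a regression, and confirm it against the new source before building.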
@@ -156,7 +155,6 @@
 %patch22 -p1
 %patch23 -p1
 %endif
-%patch24 -p1
 %patch25 -p1
 popd
 
@@ -514,6 +512,17 @@
 %endif
 
 %changelog
+* Tue Jun 24 2008 Akira TAGOH <tagoh at redhat.com> - 1.8.6.230-1
+- New upstream release.
+- Security fixes. (#452294).
+  - CVE-2008-1891: WEBrick CGI source disclosure.
+  - CVE-2008-2662: Integer overflow in rb_str_buf_append().
+  - CVE-2008-2663: Integer overflow in rb_ary_store().
+  - CVE-2008-2664: Unsafe use of alloca in rb_str_format().
+  - CVE-2008-2725: Integer overflow in rb_ary_splice().
+  - CVE-2008-2726: Integer overflow in rb_ary_splice().
+- ruby-1.8.6.111-CVE-2007-5162.patch: removed.
+
 * Tue Mar  4 2008 Akira TAGOH <tagoh at redhat.com> - 1.8.6.114-1
 - Security fix for CVE-2008-1145.
 - Improve a spec file. (#226381)
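Review bot: The new changelog entries for CVE-2008-2725 and CVE-2008-2726 carry identical text, "Integer overflow in rb_ary_splice()", so a reader cannot tell which defect each ID covers. Give each entry a distinguishing detail, or fold them into one line that lists both IDs.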


Index: sources
===================================================================
RCS file: /cvs/pkgs/rpms/ruby/F-9/sources,v
retrieving revision 1.23
retrieving revision 1.24
diff -u -r1.23 -r1.24
--- sources	10 Mar 2008 04:28:30 -0000	1.23
+++ sources	24 Jun 2008 03:19:02 -0000	1.24
@@ -3,4 +3,4 @@
 e1d38b7d4f1be55726d6927a3395ce3b  ruby-1.8.6-p111.tar.bz2
 634c25b14e19925d10af3720d72e8741  rubyfaq-990927.tar.gz
 4fcec898f51d8371cc42d0a013940469  rubyfaq-jp-990927.tar.gz
-b4d0c74497f684814bcfbb41b7384a71  ruby-1.8.6-p114.tar.bz2
+3eceb42d4fc56398676c20a49ac7e044  ruby-1.8.6-p230.tar.bz2
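Review bot: The context line for ruby-1.8.6-p111.tar.bz2 stays in sources while only the p114 entry is swapped for p230, so an older tarball remains listed. If no Source line in ruby.spec still uses p111, drop that entry in the same commit, along with the superseded tarball names that .cvsignore keeps.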


--- ruby-1.8.6.111-CVE-2007-5162.patch DELETED ---



