Univention Bugzilla – Bug 36993
ruby1.9.1: Multiple issues (4.0)
Last modified: 2017-10-26 13:54:45 CEST
Object taint bypassing in DL and Fiddle (CVE-2013-2065)
Denial of service in the encodes() function (CVE-2014-4975)
Denial of service through unrestricted XML entity expansion (CVE-2014-8080, CVE-2014-8090)
Man-in-the-middle attack via crafted SSL certificates (CVE-2015-1855)
Fix available in upstream Debian version 1.9.3.194-8.1+deb7u5
* ruby1.9.1 1.9.3.194-8.1+deb7u5 was imported and built to scope errata4.0-3.
* Drop test patch (4.0-0-0-ucs/1.9.3.194-8.1+deb7u5-errata4.0-3/drop-test.patch) was updated.
* r15230, r15232 and 15233 add a new patch (4.0-0-0-ucs/1.9.3.194-8.1+deb7u5-errata4.0-3/020-raise-test-dh-size.patch) to make openssl tests work.
* YAML (r63405, r63409): 2015-09-02-ruby1.9.1.yaml
2013-2065: oldstable: not vulnerable
YAML: OK
ruby tests: OK
Redmine tested: OK
<http://errata.software-univention.de/ucs/4.0/313.html>