File _patchinfo of Package patchinfo.import5660
<patchinfo incident="ruby" version="5660">
<issue tracker="bnc" id="704409" />
<issue tracker="bnc" id="739122" />
<issue tracker="CVE" id="CVE-2011-2686" />
<issue tracker="CVE" id="CVE-2011-3009" />
<issue tracker="CVE" id="CVE-2011-2705" />
<issue tracker="CVE" id="CVE-2011-4815" />
<category>security</category>
<rating>low</rating>
<summary>Ruby: Update to 1.8.7p357</summary>
<description>This update of ruby provides 1.8.7p357, which contains many
stability fixes and bug fixes, which are fully compatible
with the previous version. You can review the detailed list
here:
http://svn.ruby-lang.org/repos/ruby/tags/v1_8_7_357/ChangeLog
The particularly noteworthy fixes are:
- Hash functions now use a randomized seed to avoid
algorithmic complexity attacks (CVE-2011-4815). For this,
OpenSSL::Random.seed at the SecureRandom.random_bytes is
used if available.
- mkconfig.rb: fix for continued lines.
- Fix Infinity to be greater than any bignum number.
- initialize store->ex_data.sk.
- some IPv6 related fixes
- zlib fixes
- reinitialize PRNG when forking children
(CVE-2011-2686/CVE-2011-3009)
- securerandom fixes (CVE-2011-2705)
- uri route_to fixes
- fix race condition with variables and autoload
</description>
<packager>adrianSuSE</packager>
</patchinfo>