CVE-2011-4815: Hashdos in ruby 1.8.7.302-2squeeze1 unfixed

To: debian-security@lists.debian.org
Subject: CVE-2011-4815: Hashdos in ruby 1.8.7.302-2squeeze1 unfixed
From: Niko Thome <niko.thome@gmx.net>
Date: Fri, 16 Nov 2012 12:37:29 +0100
Message-id: <[🔎] 50A62579.9060403@gmx.net>

Hi everyone,

apparently the wheezy version of ruby (1.8.7.358-6) got a fix for CVE-2011-4815
but not the squeeze package. Is there a special reason for that?

A colleague prepared a back-port patch for the squeeze package. It would be
great if this will find it's way into the squeeze package.

Also, if someone has a "ready to run" test script handy to check if this patch
works properly feel free to do so.

cheers

niko

Attachment: randomize_hash_backport.patch.gz
Description: GNU Zip compressed data

Reply to:

Prev by Date: Re: Bug#693210: server crash on prearing an empty query with tracing enabled
Next by Date: Where is typo3-src/4.3.9+dfsg1-1+squeeze7 ?
Previous by thread: Re: Bug#693210: server crash on prearing an empty query with tracing enabled
Next by thread: Where is typo3-src/4.3.9+dfsg1-1+squeeze7 ?
Index(es):
- Date
- Thread