

Subject: [ANN] Ruby 1.9.1-p376 is out

From: "Yugui (Yuki Sonoda)" <yugui@ g . >

Date: Mon, 7 Dec 2009 13:50:14 +0900

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Ruby 1.9.1-p376 just has been released. This is a patch level release of Ruby 1.9.1 and includes the fix of CVE-2009-4124. == CVE-2009-4124 The previous release, Ruby 1.9.1-p243 has a security vulnerability that allows heap overflow. This vulnerability was found by Emmanouel Kellinis, KPMG London. I recommend all Ruby 1.9.1 users to upgrade to p376. But the vulnerability does not affect Ruby 1.8 series. == Other fixes In addition, 1.9.1-p376 includes > 100 bug fixes. * Irb extension commands had been broken. It was fixed. * Ripper had not been able to parse some Ruby codes. It was fixed. * Fixed build failures on AIX. * Some bug fixes of Matrix. * Can load gems which is installed in an user's home directory. * Some method became returning a string with a correct encoding. See the ChangeLog for more detail. * http://svn.ruby-lang.org/repos/ruby/branches/ruby_1_9_1/ChangeLog == Location * http://ftp.ruby-lang.org/pub/ruby/1.9/ruby-1.9.1-p376.tar.bz2 SIZE: 7293106 bytes MD5: e019ae9c643c5efe91be49e29781fb94 SHA256: 79164e647e23bb7c705195e0075ce6020c30dd5ec4f8c8a12a100fe0eb0d6783 * http://ftp.ruby-lang.org/pub/ruby/1.9/ruby-1.9.1-p376.tar.gz SIZE: 9073007 bytes MD5: ebb20550a11e7f1a2fbd6fdec2a3e0a3 SHA256: 58b8fc1645283fcf3d5be195dffcaf55b7c85cbc210074273b57b835409b21ca * http://ftp.ruby-lang.org/pub/ruby/1.9/ruby-1.9.1-p376.zip SIZE: 10337871 bytes MD5: d4d5e62f65cb92a281f1569a7f25371b SHA256: 486d3efdab269040ce7142964ba3a4e0d46f0a5b812136bcac7e5bafc726c14e - -- Yugui (Yuki Sonoda) <yugui / yugui.jp> -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.10 (Darwin) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/