| ruby-tcltk-1.8.1-18.el4.i386
              [526 KiB] | Changelog
              by Vít Ondruch (2012-01-13): - Simplified fix for CVE-2011-4815.
- Properly initialize the random number generator when forking new process
  * ruby-1.8.7-CVE-2011-3009.patch
  - Related: rhbz#768828 | 
            | ruby-tcltk-1.8.1-16.el4.i386
              [527 KiB] | Changelog
              by Vít Ondruch (2011-06-06): - Comply with guidelines
- Related: rhbz#709959 | 
            | ruby-tcltk-1.8.1-7.el4_8.3.i386
              [526 KiB] | Changelog
              by Akira TAGOH (2009-06-17): - security fixes. (#505085)
- CVE-2007-1558: APOP password disclosure vulnerability.
- CVE-2009-0642: Incorrect checks for validity of X.509 certificates.
- CVE-2009-1904: DoS vulnerability in BigDecimal. | 
            | ruby-tcltk-1.8.1-7.el4_7.2.i386
              [525 KiB] | Changelog
              by Akira TAGOH (2008-11-19): - security fix (#472067)
- CVE-2008-4310: real fix for CVE-2008-3656. original patch named as fix for
                 CVE-2008-3656 actually fixed different issue (CVE-2008-1145),
                 hence we are providing correct patch and renaming original
                 patch to refer to proper CVE. | 
            | ruby-tcltk-1.8.1-7.el4_7.1.i386
              [524 KiB] | Changelog
              by Akira TAGOH (2008-10-08): - security fixes. (#461579)
- CVE-2008-3655: multiple insufficient safe mode restrictions.
- CVE-2008-3656: WEBrick DoS vulnerability (CPU consumption).
- CVE-2008-3657: missing "taintness" checks in dl module.
- CVE-2008-3905: use of predictable source port and transaction id in DNS
                 requests done by resolv.rb module.
- CVE-2008-3443: Memory allocation failure in Ruby regex engine
                 (remotely exploitable DoS).
- CVE-2008-3790: DoS vulnerability in the REXML module. | 
            | ruby-tcltk-1.8.1-7.el4_6.1.i386
              [524 KiB] | Changelog
              by Akira TAGOH (2008-07-02): - security fixes. (#451926)
- CVE-2008-2662: Integer overflow in rb_str_buf_append().
- CVE-2008-2663: Integer overflow in rb_ary_store().
- CVE-2008-2664: Unsafe use of alloca in rb_str_format().
- CVE-2008-2725: Integer overflow in rb_ary_update().
- CVE-2008-2726: Integer overflow in rb_ary_update().
- CVE-2008-2376: Integer overflow in rb_ary_fill(). | 
            | ruby-tcltk-1.8.1-7.EL4.8.1.i386
              [523 KiB] | Changelog
              by Akira TAGOH (2007-10-27): - security fixes (#320371)
- ruby-1.8.1-cgi-CVE-2006-6303.patch: fix an infinite loop with certain HTTP
  request.
- ruby-1.8.1-CVE-2007-5162.patch: fix an insufficient verification of SSL
  certificate. | 
            | ruby-tcltk-1.8.1-7.EL4.8.i386
              [523 KiB] | Changelog
              by Akira TAGOH (2006-11-01): - BR tcl-devel and tk-devel instead of tcl and tk. | 
            | ruby-tcltk-1.8.1-7.EL4.6.i386
              [523 KiB] | Changelog
              by Akira TAGOH (2006-07-20): - security fixes [CVE-2006-3694]
  - fixed the insecure operations on Dir and Regexp in the certain safe-level
    restrictions. (#199539)
  - fixed to not bypass the certain safe-level restrictions. (#199545) | 
            | ruby-tcltk-1.8.1-7.EL4.3.i386
              [522 KiB] | Changelog
              by Akira TAGOH (2006-04-21): - security fix [CVE-2006-1931]
- ruby-1.8.2-webrick-dos-1.patch: a patch to read data with non-blocking I/O.
- ruby-1.8.2-xmlrpc-dos-1.patch: a patch to use WEBrick's HTTPServer class to
  avoid the above issue as well. | 
            | ruby-tcltk-1.8.1-7.EL4.2.i386
              [522 KiB] | Changelog
              by Akira TAGOH (2005-10-05): - security fix [CAN-2005-2337]
- ruby-1.8.1-safe-CAN-2005-2337.patch: a patch to preserve safe level in
  the environment where a method is defined. (#169575) | 
            | ruby-tcltk-1.8.1-7.EL4.1.i386
              [522 KiB] | Changelog
              by Akira TAGOH (2005-06-21): - security fix [CAN-2005-1992]
- ruby-1.8.2-tcltk-multilib.patch: applied to get tcltklib.so built.
- ruby-1.8.2-xmlrpc-CAN-2005-1992.patch: applied to fix the arbitrary command
  execution on XMLRPC server. (#161095) |