summaryrefslogtreecommitdiff
path: root/ChangeLog
diff options
context:
space:
mode:
authorshyouhei <shyouhei@b2dd03c8-39d4-4d8f-98ff-823fe69b080e>2008-06-19 23:12:55 +0000
committershyouhei <shyouhei@b2dd03c8-39d4-4d8f-98ff-823fe69b080e>2008-06-19 23:12:55 +0000
commit6f60803beaecbacd6770b3e8527fc6ce5d8fef77 (patch)
tree1a52f48ea8d590ebca80c5c7c9a1751e2a0501d4 /ChangeLog
parent502b6f1fde3e275f784767df3824bc7e957bac09 (diff)
parent594a34bedacc74101e511e5861742cab0694c54e (diff)
add tag v1_8_7_20v1_8_7_20
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/tags/v1_8_7_20@17463 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
Diffstat (limited to 'ChangeLog')
-rw-r--r--ChangeLog15
1 files changed, 15 insertions, 0 deletions
diff --git a/ChangeLog b/ChangeLog
index d16a4922a5..04956f26bb 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,18 @@
+Wed Jun 18 22:24:46 2008 URABE Shyouhei <shyouhei@ruby-lang.org>
+
+ * array.c (ary_new, rb_ary_initialize, rb_ary_store,
+ rb_ary_aplice, rb_ary_times): integer overflows should be
+ checked. based on patches from Drew Yao <ayao at apple.com>
+ fixed CVE-2008-2726
+
+ * string.c (rb_str_buf_append): fixed unsafe use of alloca,
+ which led memory corruption. based on a patch from Drew Yao
+ <ayao at apple.com> fixed CVE-2008-2726
+
+ * sprintf.c (rb_str_format): backported from trunk.
+
+ * intern.h: ditto.
+
Tue Jun 17 15:09:46 2008 Nobuyoshi Nakada <nobu@ruby-lang.org>
* file.c (file_expand_path): no need to expand root path which has no