- Simplified fix for CVE-2011-4815.
- Properly initialize the random number generator when forking new process
  * ruby-1.8.7-CVE-2011-3009.patch
  - Related: rhbz#768828

- Comply with guidelines
- Related: rhbz#709959

- security fixes. (#505085)
- CVE-2007-1558: APOP password disclosure vulnerability.
- CVE-2009-0642: Incorrect checks for validity of X.509 certificates.
- CVE-2009-1904: DoS vulnerability in BigDecimal.

- security fix (#472067)
- CVE-2008-4310: real fix for CVE-2008-3656. original patch named as fix for
                 CVE-2008-3656 actually fixed different issue (CVE-2008-1145),
                 hence we are providing correct patch and renaming original
                 patch to refer to proper CVE.

- security fixes. (#461579)
- CVE-2008-3655: multiple insufficient safe mode restrictions.
- CVE-2008-3656: WEBrick DoS vulnerability (CPU consumption).
- CVE-2008-3657: missing "taintness" checks in dl module.
- CVE-2008-3905: use of predictable source port and transaction id in DNS
                 requests done by resolv.rb module.
- CVE-2008-3443: Memory allocation failure in Ruby regex engine
                 (remotely exploitable DoS).
- CVE-2008-3790: DoS vulnerability in the REXML module.

- security fixes. (#451926)
- CVE-2008-2662: Integer overflow in rb_str_buf_append().
- CVE-2008-2663: Integer overflow in rb_ary_store().
- CVE-2008-2664: Unsafe use of alloca in rb_str_format().
- CVE-2008-2725: Integer overflow in rb_ary_update().
- CVE-2008-2726: Integer overflow in rb_ary_update().
- CVE-2008-2376: Integer overflow in rb_ary_fill().