Message-ID: <email address hidden>
Date: Sat, 8 Oct 2005 11:22:00 +0200
From: Martin Pitt <email address hidden>
To: Debian BTS Submit <email address hidden>
Cc: <email address hidden>
Subject: ruby1.8: [CAN-2005-2337] safe mode bypass
Package: ruby1.8
Version: 1.8.2-9
Severity: grave
Tags: security patch
Hi!
There is a safe mode bypass in all Ruby versions:
http://www.ruby-lang.org/en/20051003.html
This page also contains a patch (which does not apply perfectly since the XMLRPC issue is already fixed, but for eval.c it applies fine).
This has been assigned CAN-2005-2337, please mention this number in the changelog when you fix this.
Thanks,
Martin
--
Martin Pitt http://www.piware.de
Ubuntu Developer http://www.ubuntulinux.org
Debian Developer http://www.debian.org