Comment 2 for bug 23460

Debian Bug Importer (debzilla) wrote :

Message-ID: <email address hidden>
Date: Sat, 8 Oct 2005 11:22:00 +0200
From: Martin Pitt <email address hidden>
To: Debian BTS Submit <email address hidden>
Cc: <email address hidden>
Subject: ruby1.8: [CAN-2005-2337] safe mode bypass

Package: ruby1.8
Version: 1.8.2-9
Severity: grave
Tags: security patch

Hi!

There is a safe mode bypass in all Ruby versions:

  http://www.ruby-lang.org/en/20051003.html

This page also contains a patch (which does not apply perfectly since
the XMLRPC issue is already fixed, but for eval.c it applies fine).

This has been assigned CAN-2005-2337, please mention this number in
the changelog when you fix this.

Thanks,

Martin

-- 
Martin Pitt http://www.piware.de
Ubuntu Developer http://www.ubuntulinux.org
Debian Developer http://www.debian.org
