Package: ruby1.8
Version: 1.8.2-9
Severity: grave
Tags: security patch

Hi!
There is a safe mode bypass in all Ruby versions:
http://www.ruby-lang.org/en/20051003.html
This page also contains a patch (which does not apply perfectly since the XMLRPC issue is already fixed, but for eval.c it applies fine).
This has been assigned CAN-2005-2337; please mention this number in the changelog when you fix this.
Thanks,
Martin
--
Martin Pitt http://www.piware.de
Ubuntu Developer http://www.ubuntulinux.org
Debian Developer http://www.debian.org