Comment 0 for bug 23460

In , Martin Pitt (pitti) wrote :

Package: ruby1.8
Version: 1.8.2-9
Severity: grave
Tags: security patch

Hi!

There is a safe mode bypass in all Ruby versions:

  http://www.ruby-lang.org/en/20051003.html

This page also contains a patch (which does not apply perfectly since
the XMLRPC issue is already fixed, but for eval.c it applies fine).

This has been assigned CAN-2005-2337; please mention this number in
the changelog when you fix this.

Thanks,

Martin

--
Martin Pitt http://www.piware.de
Ubuntu Developer http://www.ubuntulinux.org
Debian Developer http://www.debian.org