This bug was fixed in the package ruby1.9.1 - 1.9.3.194-1ubuntu1
--------------- ruby1.9.1 (1.9.3.194-1ubuntu1) quantal; urgency=low
* SECURITY UPDATE: Safe level bypass - debian/patches/20120927-cve_2011_1005.patch: Remove incorrect string taint in exception handling methods. Based on upstream patch. - CVE-2011-1005 * Make the RubyGems fetcher use distro-provided ca-certificates (LP: #1057926) - debian/control: Add ca-certificates to libruby1.9.1 depends so that rubygems can perform certificate verification - debian/rules: Don't install SSL certificates from upstream sources - debian/patches/20120927-rubygems_disable_upstream_certs.patch: Use /etc/ssl/certs/ca-certificates.crt for the trusted CA certificates. -- Tyler Hicks <email address hidden> Thu, 27 Sep 2012 20:37:54 -0700
This bug was fixed in the package ruby1.9.1 - 1.9.3.194-1ubuntu1
--------------- 194-1ubuntu1) quantal; urgency=low
ruby1.9.1 (1.9.3.
* SECURITY UPDATE: Safe level bypass patches/ 20120927- cve_2011_ 1005.patch: Remove incorrect string patches/ 20120927- rubygems_ disable_ upstream_ certs.patch: Use etc/ssl/ certs/ca- certificates. crt for the trusted CA certificates.
- debian/
taint in exception handling methods. Based on upstream patch.
- CVE-2011-1005
* Make the RubyGems fetcher use distro-provided ca-certificates
(LP: #1057926)
- debian/control: Add ca-certificates to libruby1.9.1 depends so that
rubygems can perform certificate verification
- debian/rules: Don't install SSL certificates from upstream sources
- debian/
/
-- Tyler Hicks <email address hidden> Thu, 27 Sep 2012 20:37:54 -0700