Author: fw Date: 2009-08-12 19:44:35 +0000 (Wed, 12 Aug 2009) New Revision: 12579 Modified: data/CVE/list Log: CVE-2009-1904: ruby1.9 affected We still have got Ruby 1.9, and it crashes. Upstream talks about Ruby 1.9.1. Modified: data/CVE/list ==================================================================--- data/CVE/list 2009-08-12 16:37:50 UTC (rev 12578) +++ data/CVE/list 2009-08-12 19:44:35 UTC (rev 12579) @@ -2370,7 +2370,7 @@ NOT-FOR-US: IBM DB2 CVE-2009-1904 (The BigDecimal library in Ruby 1.8.6 before p369 and 1.8.7 before p173 ...) - ruby1.8 1.8.7.173-1 (low; bug #532689) - - ruby1.9 <not-affected> + - ruby1.9 <unfixed> NOTE: http://www.ruby-lang.org/en/news/2009/06/09/dos-vulnerability-in-bigdecimal/ CVE-2009-1903 (The PDF XSS protection feature in ModSecurity before 2.5.8 allows ...) - libapache-mod-security 2.5.9-1
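Review bot: The new `- ruby1.9 <unfixed>` line in the CVE-2009-1904 entry carries no urgency and no bug reference, while the ruby1.8 line directly above it records `(low; bug #532689)`. The reason for the flip from `<not-affected>` also lives only in the commit log (the packaged Ruby 1.9 crashes, and upstream talks about Ruby 1.9.1), and the CVE description quoted in the entry names only 1.8.6 and 1.8.7, so a later reader of data/CVE/list cannot tell why ruby1.9 is tracked here. Consider adding a NOTE line under the entry stating that the crash was observed on the ruby1.9 package, and attaching an urgency and a bug number to the ruby1.9 line once a report is filed.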