Daigo Moriwaki
2008-Jun-20 13:53 UTC
[Secure-testing-team] Bug#487239: ruby1.9: Arbitrary code execution vulnerability and so on
Package: ruby1.9
Version: 1.9.0.1-5
Severity: grave
Tags: security
Justification: user security hole

The upstream has announced multiple vulnerabilities in Ruby. They may lead to a denial of service (DoS) condition or allow execution of arbitrary code.

* CVE-2008-2662
* CVE-2008-2663
* CVE-2008-2725
* CVE-2008-2726
* CVE-2008-2727
* CVE-2008-2728
* CVE-2008-2664

Vulnerable versions

1.8 series
* 1.8.4 and all prior versions
* 1.8.5-p230 and all prior versions
* 1.8.6-p229 and all prior versions
* 1.8.7-p21 and all prior versions

1.9 series
* 1.9.0-1 and all prior versions

-- System Information:
Debian Release: lenny/sid
  APT prefers testing
  APT policy: (990, 'testing'), (500, 'stable'), (90, 'unstable'), (1, 'experimental')
Architecture: i386 (i686)

Kernel: Linux 2.6.24-1-686 (SMP w/2 CPU cores)
Locale: LANG=ja_JP.eucJP, LC_CTYPE=ja_JP.eucJP (charmap=EUC-JP)
Shell: /bin/sh linked to /bin/bash

Versions of packages ruby1.9 depends on:
ii  libc6       2.7-10     GNU C Library: Shared libraries
ii  libruby1.9  1.9.0.1-5  Libraries necessary to run Ruby 1.

ruby1.9 recommends no packages.

-- no debconf information