#1512 closed defect (fixed)
CAN-2005-1992 vulnerability to arbitrary command execution
| Reported by: | Owned by: | ||
|---|---|---|---|
| Priority: | highest | Milestone: | |
| Component: | BOOK | Version: | b-6.1-pre1 |
| Severity: | major | Keywords: | |
| Cc: |
Description
Contrary to original reports from distro(s), this vulnerability *does* apply to ruby-1.8.2 which is in both 6.1-pre and svn. There is a fix at http://www.ruby-lang.org/patches/ruby-1.8.2-xmlrpc-ipimethods-fix.diff - this definitely applies to 1.8.2, and it builds and completes 'make test' with it.
Ken
Change History (6)
comment:1 by , 19 years ago
| Milestone: | future → 6.1 |
|---|---|
| Owner: | changed from to |
| rep_platform: | PC → All |
comment:2 by , 19 years ago
| Status: | new → assigned |
|---|
comment:3 by , 19 years ago
| Owner: | changed from to |
|---|---|
| Status: | assigned → new |
comment:4 by , 19 years ago
| Status: | new → assigned |
|---|
comment:5 by , 19 years ago
| Resolution: | → fixed |
|---|---|
| Status: | assigned → closed |
Merged changes from ruby into 6.1-pre2.
Note:
See TracTickets
for help on using tickets.
Added the installation of the patch to the Ruby instructions
Keeping this bug open until Bruce merges the commit (R4895) to the 6.1 branch.