Package: ruby1.8
Version: 1.8.2-7sarge2
Severity: important
Tags: security

CVE-2006-1931: "The HTTP/XMLRPC server in Ruby before 1.8.2 uses blocking sockets, which allows attackers to cause a denial of service (blocked connections) via a large amount of data."

Contrary to the CVE record, this is not fixed in 1.8.2 (I checked the source). However, I don't know if it is severe enough for a DSA. What do you think?

See also https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=189540