Package: ruby1.8
Version: 1.8.5-4
Severity: important
Tags: security

Hi,
the following CVE (Common Vulnerabilities & Exposures) id was
published for ruby1.8.

CVE-2007-5770[0]:
| The (1) Net::ftptls, (2) Net::telnets, (3) Net::imap, (4) Net::pop,
| and (5) Net::smtp libraries in Ruby 1.8.5 and 1.8.6 do not verify that
| the commonName (CN) field in a server certificate matches the domain
| name in a request sent over SSL, which makes it easier for remote
| attackers to intercept SSL transmissions via a man-in-the-middle
| attack or spoofed web site, different components than CVE-2007-5162.

If you fix this vulnerability please also include the CVE id
in your changelog entry.

This is fixed in the unstable ruby1.9 package.

For further information:
[0] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5770

Kind regards
Nico

-- 
Nico Golde - http://www.ngolde.de - [EMAIL PROTECTED] - GPG: 0x73647CFF
For security reasons, all text in this mail is double-rot13 encrypted.
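
The check that the CVE description says is missing, shown as an added example (not part of the original mail and not the Ruby project's patch): the name in the server certificate is compared with the host the client asked for. The host names, the throwaway self-signed certificates and the helper names `make_cert`, `name_matches?` and `check_peer` are constructed for illustration.

```ruby
require "openssl"

# Constructed sample data: one throwaway key, reused for every test certificate.
KEY = OpenSSL::PKey::RSA.new(2048)

# Build a self-signed certificate whose only identity is the given commonName.
def make_cert(common_name)
  cert = OpenSSL::X509::Certificate.new
  cert.version = 2
  cert.serial = 1
  cert.subject = OpenSSL::X509::Name.parse("/CN=#{common_name}")
  cert.issuer = cert.subject
  cert.public_key = KEY.public_key
  cert.not_before = Time.now - 60
  cert.not_after = Time.now + 3600
  cert.sign(KEY, OpenSSL::Digest.new("SHA256"))
  cert
end

# Compare the certificate's name with the host the client requested.
# With no subjectAltName present, the commonName is what gets compared.
# On a live connection, SSLSocket#post_connection_check(host) performs the
# same comparison and raises OpenSSL::SSL::SSLError on a mismatch.
def name_matches?(cert, requested_host)
  OpenSSL::SSL.verify_certificate_identity(cert, requested_host)
end

# Decide whether a peer certificate is acceptable for requested_host.
def check_peer(cert, requested_host)
  name_matches?(cert, requested_host) ? :accept : :reject_name_mismatch
end

SERVER_CERT = make_cert("mail.example.org")   # name the client expects
OTHER_CERT  = make_cert("other.example.net")  # well-formed, but wrong name
WILDCARD    = make_cert("*.example.org")      # wildcard covers one label only

if __FILE__ == $0
  [[SERVER_CERT, "mail.example.org"], [OTHER_CERT, "mail.example.org"],
   [WILDCARD, "imap.example.org"], [WILDCARD, "a.b.example.org"]].each do |cert, host|
    puts "#{cert.subject} for #{host}: #{check_peer(cert, host)}"
  end
end
```

Chain validation (`verify_mode = OpenSSL::SSL::VERIFY_PEER`) is a separate step; a client needs both, since a certificate that chains to a trusted CA but names a different host is exactly the case this check rejects.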
