Package: ruby1.8
Version: 1.8.6.111-4
Severity: grave
Tags: security
Justification: user security hole

WEBrick, a standard library of Ruby to implement HTTP servers, has a file
access vulnerability[1]. Attackers may access private files. The fixed
versions have been released by upstream.

Vulnerable versions

1.8 series
  * 1.8.4 and all prior versions
  * 1.8.5-p114 and all prior versions (etch)
  * 1.8.6-p113 and all prior versions (testing)
1.9 series
  * 1.9.0-1 and all prior versions (etch and testing)

[1] http://www.ruby-lang.org/en/news/2008/03/03/webrick-file-access-vulnerability/

-- System Information:
Debian Release: lenny/sid
  APT prefers testing
  APT policy: (990, 'testing'), (500, 'stable'), (90, 'unstable'), (1, 'experimental')
Architecture: i386 (i686)

Kernel: Linux 2.6.24-1-686 (SMP w/1 CPU core)
Locale: LANG=ja_JP.eucJP, LC_CTYPE=ja_JP.eucJP (charmap=EUC-JP)
Shell: /bin/sh linked to /bin/bash

Versions of packages ruby1.8 depends on:
ii  libc6                        2.7-6       GNU C Library: Shared libraries
ii  libruby1.8                   1.8.6.111-4 Libraries necessary to run Ruby 1.

ruby1.8 recommends no packages.

-- no debconf information


