Package: libgettext-ruby1.8
Version: 2.1.0-1
Severity: important

With $SAFE set to 1 or higher, _() produces SecurityError with most .mo
files on my system:

File: /usr/share/locale/en_GB/LC_MESSAGES/yelp.mo: Insecure operation - initialize (SecurityError)

Code to reproduce the bug:

ls /usr/share/locale/en_GB/LC_MESSAGES/ | \
        cut -d. -f1 | sort -u | \
        while read l; do
                echo $l
                ruby -r gettext -e '$SAFE=1; include GetText; bindtextdomain("'"$l"'"); _("t")'
        done

There will be some files where the error isn't triggered, but I don't
see any pattern. Overall, this bug renders this library unusable with
$SAFE enabled. This issue wasn't present in versions 1.93 and earlier.

-- 
Dmitry Borodaenko


-- System Information:
Debian Release: squeeze/sid
  APT prefers unstable
  APT policy: (990, 'unstable'), (70, 'testing'), (50, 'stable'), (1, 'experimental')
Architecture: i386 (i686)

Kernel: Linux 2.6.32-2-686 (SMP w/1 CPU core)
Locale: LANG=be_BY.UTF-8, LC_CTYPE=be_BY.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/bash

Versions of packages libgettext-ruby1.8 depends on:
ii  irb1.8                       1.8.7.249-1 Interactive Ruby (for Ruby 1.8)
ii  liblocale-ruby1.8            2.0.5-2     pure ruby locale library
ii  libruby                      4.2         Libraries necessary to run Ruby 1.
ii  locales                      2.10.2-6    Embedded GNU C Library: National L
ii  ruby1.8                      1.8.7.249-1 Interpreter of object-oriented scr

libgettext-ruby1.8 recommends no packages.

Versions of packages libgettext-ruby1.8 suggests:
ii  gettext                       0.17-9     GNU Internationalization utilities

-- no debconf information


