On 11/01/10 at 09:20 +0900, Daigo Moriwaki wrote: > Package: ruby1.9 > Severity: grave > Tags: security > Justification: user security hole > > The upstream has released a vulnerability fix in WEBrick, a part of Ruby's > standard library. WEBrick lets attackers to inject malicious escap > e sequences to its logs, making it possible for dangerous control characters > to be executed on a victim's terminal emulator.
Fixed everywhere except ruby1.9/lenny, which I'm tempted to ignore. -- | Lucas Nussbaum | lu...@lucas-nussbaum.net http://www.lucas-nussbaum.net/ | | jabber: lu...@nussbaum.fr GPG: 1024D/023B3F4F | -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
