Hi Daigo,
* Daigo Moriwaki <[EMAIL PROTECTED]> [2008-03-05 14:11]:
> Package: ruby1.8
> Version: 1.8.6.111-4
> Severity: grave
> Tags: security
> Justification: user security hole
> 
> WEBrick, a standard library of Ruby to implement HTTP servers, has a file
> access vulnerability[1]. Attackers may access private files. The fixed
> versions have been released by upstream.
> 
> Vulnerable versions
[...] 
Are you sure this affects us? From the text:
"Affected systems are:
Systems that accept backslash (\) as a path separator, such 
as Windows.
Systems that use case insensitive filesystems such as NTFS 
on Windows, HFS on Mac OS X."

On Linux file names are case sensitive and backslash is not 
valid as a path separator.

Kind regards
Nico
-- 
Nico Golde - http://www.ngolde.de - [EMAIL PROTECTED] - GPG: 0x73647CFF
For security reasons, all text in this mail is double-rot13 encrypted.
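
The quoted advisory text names two host conditions: backslash accepted as a path separator, and a case-insensitive filesystem. The Ruby sketch below is an added example, not code from this thread or from Ruby upstream, that probes both for a given document root. The function names are hypothetical, and the probe assumes the directory is writable.

```ruby
require "tmpdir"
require "fileutils"

# True when +dir+ sits on a filesystem that resolves names
# case-insensitively (e.g. NTFS, HFS). The probe runs inside a
# throwaway subdirectory so no existing file can confuse it.
def case_insensitive_fs?(dir)
  Dir.mktmpdir("caseprobe", dir) do |tmp|
    FileUtils.touch(File.join(tmp, "ProbeFile.tmp"))
    File.exist?(File.join(tmp, "pROBEfILE.TMP"))
  end
end

# Ruby sets File::ALT_SEPARATOR to "\\" on platforms that accept
# backslash as a path separator and to nil elsewhere.
def backslash_separator?(alt_separator = File::ALT_SEPARATOR)
  alt_separator == "\\"
end

# Evaluate both conditions from the advisory for one document root.
# alt_separator is injectable so the logic can be checked on any host.
def advisory_conditions(docroot, alt_separator: File::ALT_SEPARATOR)
  backslash   = backslash_separator?(alt_separator)
  insensitive = case_insensitive_fs?(docroot)
  {
    backslash_separator: backslash,
    case_insensitive_fs: insensitive,
    affected:            backslash || insensitive
  }
end

if __FILE__ == $PROGRAM_NAME
  # Assumption: probe the system temp dir unless a path is given.
  docroot = ARGV[0] || Dir.tmpdir
  advisory_conditions(docroot).each { |k, v| puts "#{k}: #{v}" }
end
```

Case sensitivity is a property of the filesystem holding the document root, so the probe should be pointed at that directory, not at an arbitrary path.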
