Package: ruby1.9
Version: 1.9.0.5-1
Severity: serious
Tags: security

Hi,
the following CVE (Common Vulnerabilities & Exposures) id was published for ruby1.9.
Note this was fixed in 1.9.1, and it isn't really clear whether it affects 1.9. I can't find enough info to say either way. Please check.

CVE-2009-4124[0]:
| Heap-based buffer overflow in the rb_str_justify function in string.c
| in Ruby 1.9.1 before 1.9.1-p376 allows context-dependent attackers to
| execute arbitrary code via unspecified vectors involving (1)
| String#ljust, (2) String#center, or (3) String#rjust. NOTE: some of
| these details are obtained from third party information.

If you fix the vulnerability please also make sure to include the CVE id in your changelog entry.

For further information see:

[0] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-4124
    http://security-tracker.debian.org/tracker/CVE-2009-4124