On 29/03/10 at 10:00 +0200, Giuseppe Iuculano wrote:
> Package: ruby1.9
> Severity: serious
> Tags: security
>
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> Hi,
> the following CVE (Common Vulnerabilities & Exposures) id was
> published for ruby1.9.
>
> CVE-2009-1904[0]:
> | The BigDecimal library in Ruby 1.8.6 before p369 and 1.8.7 before p173
> | allows context-dependent attackers to cause a denial of service
> | (application crash) via a string argument that represents a large
> | number, as demonstrated by an attempted conversion to the Float data
> | type.
>
> If you fix the vulnerability please also make sure to include the
> CVE id in your changelog entry.
>
> For further information see:
>
> [0] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1904
>     http://security-tracker.debian.org/tracker/CVE-2009-1904

Hi,

The version of ruby1.9 in lenny is likely to be affected, but I'm tempted to just ignore that bug. Ruby 1.9 is a development branch of Ruby, I don't think that anybody uses it for anything serious.

--
| Lucas Nussbaum
| lu...@lucas-nussbaum.net   http://www.lucas-nussbaum.net/ |
| jabber: lu...@nussbaum.fr             GPG: 1024D/023B3F4F |