Moritz Muehlenhoff wrote:
> Package: ruby1.9.1
> Severity: grave
> Tags: security
> Justification: user security hole
> 
> Please see 
> http://www.ruby-lang.org/en/news/2012/10/12/poisoned-NUL-byte-vulnerability/
> 
> The advisory doesn't mention Ruby 1.8, can you please double-check whether
> it is affected?

Ruby 1.8 is not affected:

$ irb1.8
>> p File.exists?("foo")
false
=> nil
>> open("foo\0bar", "w") { |f| f.puts "hai" }
ArgumentError: string contains null byte
  from (irb):2:in `initialize'
  from (irb):2:in `open'
  from (irb):2
>> p File.exists?("foo")
false
=> nil
>> p File.exists?("foo\0bar")
ArgumentError: string contains null byte
  from (irb):4:in `exists?'
  from (irb):4

I will upload a fixed version of ruby1.9.1 ASAP. Thanks for reporting.

-- 
Antonio Terceiro <terce...@debian.org>
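
The irb check above, extended to several path-taking calls, as an added example that is not part of the original message or of the Debian package. The names `probe_nul_handling`, `PROBES` and `POISONED` and the sample file name are chosen here; the script works only inside a temporary directory and reports whether the running interpreter rejects a NUL-containing path before it reaches the OS.

```ruby
require "tmpdir"

# Constructed sample name. If the interpreter passed it to open(2) unchecked,
# the C string would end at the NUL and the file "foo" would be used instead.
POISONED = "foo\0bar"

# Path-taking calls to probe (File.exist? stands in for the older exists?).
PROBES = {
  "File.open(w)" => ->(p) { File.open(p, "w") { |f| f.puts "hai" } },
  "File.exist?"  => ->(p) { File.exist?(p) },
  "File.read"    => ->(p) { File.read(p) },
  "File.stat"    => ->(p) { File.stat(p) },
  "Dir.mkdir"    => ->(p) { Dir.mkdir(p) },
}

# Runs every probe inside a throwaway directory and returns a Hash of
# label => :rejected (ArgumentError raised by Ruby) or :accepted.
def probe_nul_handling(name = POISONED)
  Dir.mktmpdir("nulcheck") do |dir|
    path      = "#{dir}/#{name}"                      # plain concatenation on purpose
    truncated = File.join(dir, name.split("\0").first) # what a truncating open would hit
    results = {}
    PROBES.each do |label, call|
      results[label] =
        begin
          call.call(path)
          :accepted
        rescue ArgumentError
          :rejected
        rescue SystemCallError
          :accepted # the call reached the OS, so the NUL was not filtered
        end
    end
    results["truncated file created"] = File.exist?(truncated)
    results
  end
end

if __FILE__ == $0
  probe_nul_handling.each { |label, outcome| puts format("%-24s %s", label, outcome) }
end
```

Any `:accepted` entry, or `true` for the truncated file, means the interpreter under test does not filter NUL bytes for that call.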
