Launchpad.net

Launchpad Home
Code
Bugs
Blueprints
Translations
Answers

CVE 2011-1005

The safe-level feature in Ruby 1.8.6 through 1.8.6-420, 1.8.7 through 1.8.7-330, and 1.8.8dev allows context-dependent attackers to modify strings via the Exception#to_s method, as demonstrated by changing an intended pathname.

Related bugs and status

CVE-2011-1005 (Candidate) is related to these bugs:

Bug #1057926: RubyGems should use ca-certificates for SSL verification

Summary				In	Importance	Status
	1057926	RubyGems should use ca-certificates for SSL verification		rubygems (Ubuntu)	Medium	Fix Released
	1057926	RubyGems should use ca-certificates for SSL verification		ruby1.9.1 (Ubuntu)	Medium	Fix Released

Bug #1131493: Please merge ruby1.9.1 1.9.3.194-7 (main) from Debian testing (main)

Summary				In	Importance	Status
	1131493	Please merge ruby1.9.1 1.9.3.194-7 (main) from Debian testing (main)		ruby1.9.1 (Ubuntu)	Low	Fix Released

See the

CVE page on Mitre.org for more details.

References

MISC: http://secunia.com/adv...
MISC: http://secunia.com/adv...
MISC: http://www.securityfoc...
MISC: http://osvdb.org/70957
MISC: http://www.vupen.com/e...
MISC: http://lists.apple.com...
MISC: http://lists.fedorapro...
MISC: http://lists.fedorapro...
MISC: http://www.mandriva.co...
MISC: http://www.mandriva.co...
MISC: https://bugzilla.redha...
MISC: http://www.redhat.com/...
MISC: http://www.redhat.com/...
MISC: http://www.redhat.com/...
MISC: http://www.openwall.co...
MISC: http://www.openwall.co...
MISC: http://support.apple.c...
MISC: http://www.ruby-lang.o...