[Bug 1512] New: CAN-2005-1992 vulnerability to arbitrary command execution

blfs-bugs at linuxfromscratch.org
Mon Aug 8 10:06:20 PDT 2005


http://blfs-bugs.linuxfromscratch.org/show_bug.cgi?id=1512

           Summary: CAN-2005-1992 vulnerability to arbitrary command
                    execution
           Product: Beyond LinuxFromScratch
           Version: b-6.1-pre1
          Platform: PC
               URL: http://www.ruby-lang.org/en/20050701.html
        OS/Version: Linux
            Status: NEW
          Severity: major
          Priority: P1
         Component: BOOK
        AssignedTo: blfs-book at linuxfromscratch.org
        ReportedBy: ken at kenmoffat.uklinux.net
         QAContact: blfs-book at linuxfromscratch.org


Contrary to original reports from distro(s), this vulnerability *does* apply to
ruby-1.8.2 which is in both 6.1-pre and svn.  There is a fix at
http://www.ruby-lang.org/patches/ruby-1.8.2-xmlrpc-ipimethods-fix.diff - this
definitely applies to 1.8.2, and it builds and completes 'make test' with it.

Ken


