[Lunar-commits] <moonbase> ruby: Security update to 1.8.7-p249

Zbigniew Luszpinski zbiggy at lunar-linux.org
Sat Jan 30 17:46:10 CET 2010


commit f0dea04c6c9158bfc71051aac32fdf6b4a39d1be
Author: Zbigniew Luszpinski <zbiggy at lunar-linux.org>
Date:   Sat Jan 30 17:46:10 2010 +0100

    ruby: Security update to 1.8.7-p249
    WEBrick has an Escape Sequence Injection vulnerability
    A vulnerability was found in WEBrick, a part of Ruby's standard library.
    WEBrick lets attackers inject malicious escape sequences into its logs,
    making it possible for dangerous control characters to be executed on a victim's terminal emulator.
    
    Affected versions
        * Ruby 1.8.6 patchlevel 383 and all prior versions
        * Ruby 1.8.7 patchlevel 248 and all prior versions
        * Development versions of Ruby 1.8 (1.8.8dev)
        * Ruby 1.9.1 patchlevel 376 and all prior versions
        * Development versions of Ruby 1.9 (1.9.2dev)
---
 compilers/ruby/DETAILS |    6 +++---
 1 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/compilers/ruby/DETAILS b/compilers/ruby/DETAILS
index 6d0f456..6c62fc3 100644
--- a/compilers/ruby/DETAILS
+++ b/compilers/ruby/DETAILS
@@ -1,12 +1,12 @@
           MODULE=ruby
-         VERSION=1.8.7-p248
+         VERSION=1.8.7-p249
           SOURCE=$MODULE-$VERSION.tar.gz
    SOURCE_URL[0]=http://ftp.ruby-lang.org/pub/$MODULE/1.8
    SOURCE_URL[1]=http://gd.tuwien.ac.at/languages/$MODULE
-      SOURCE_VFY=sha1:7b1531d209d60fbc89caa317a46014e5e3fa3c35
+      SOURCE_VFY=sha1:4297b138e64e5caf523114a6213aa9d9b85e0550
         WEB_SITE=http://www.ruby-lang.org/en
          ENTERED=20020106
-         UPDATED=20091225
+         UPDATED=20100130
            SHORT="A scripting language"
 
 cat << EOF
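Review bot: On the SOURCE_VFY line, the replacement digest is still sha1, and both SOURCE_URL entries fetch the tarball over plain http, so this hash is the only thing tying the security update to the upstream release. Please say in the commit message where the new digest was taken from, and move to a stronger digest if the DETAILS format supports one. A blank line after the "ruby: Security update to 1.8.7-p249" subject would also keep the advisory text out of the one-line summary.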


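The class of bug described in the commit message, shown from the logging side as an added example: this is not WEBrick's patch or Lunar's code, and `control_char?`, `escape_for_log`, `log_line` and the sample request are hypothetical names and constructed data. It rewrites control characters in untrusted request data as visible `\xNN` text before the line is written, so viewing the log in a terminal cannot trigger an escape sequence.

```ruby
# Added example, not WEBrick or Lunar code. All names here are hypothetical.

# True for characters a terminal may act on: C0 controls, DEL, C1 controls.
def control_char?(ch)
  cp = ch.ord
  cp < 0x20 || (0x7F..0x9F).cover?(cp)
end

# Return a copy of an untrusted field that is safe to write to a log and
# later view in a terminal. Nothing is dropped: bytes become visible \xNN.
def escape_for_log(field)
  text = field.to_s.dup.force_encoding(Encoding::UTF_8)
  text.each_char.map do |ch|
    if !ch.valid_encoding?
      # Raw bytes that are not valid UTF-8, e.g. the 8-bit CSI byte 0x9B.
      ch.bytes.map { |b| format('\x%02X', b) }.join
    elsif ch == '\\' || ch == '"'
      "\\#{ch}" # keep the escaping unambiguous and the field quoting intact
    elsif control_char?(ch)
      format('\x%02X', ch.ord)
    else
      ch
    end
  end.join
end

# Build an access-log style line; every client-controlled field is escaped.
def log_line(remote, request_line, status)
  format('%s "%s" %d', escape_for_log(remote), escape_for_log(request_line), status)
end

# Constructed sample: a request line carrying a colour-change sequence and a
# newline that would otherwise start a forged second log entry.
SAMPLE_REQUEST = "GET /index\e[31m.html HTTP/1.0\nforged entry"

if __FILE__ == $PROGRAM_NAME
  puts log_line('192.0.2.1', SAMPLE_REQUEST, 404)
end
```
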