[Lunar-commits] <moonbase> ruby: Security update to 1.8.7-p249 WEBrick has an Escape Sequence Injection vulnerability A vulnerability was found on WEBrick, a part of Ruby's standard library. WEBrick lets attackers to inject malicious escape sequences to its logs, making it possible for dangerous control characters to be executed on a victim's terminal emulator.
Zbigniew Luszpinski
zbiggy at lunar-linux.org
Sat Jan 30 17:46:10 CET 2010
commit f0dea04c6c9158bfc71051aac32fdf6b4a39d1be
Author: Zbigniew Luszpinski <zbiggy at lunar-linux.org>
Date: Sat Jan 30 17:46:10 2010 +0100
ruby: Security update to 1.8.7-p249
WEBrick has an Escape Sequence Injection vulnerability
A vulnerability was found on WEBrick, a part of Ruby's standard library.
WEBrick lets attackers to inject malicious escape sequences to its logs,
making it possible for dangerous control characters to be executed on a victim's terminal emulator.
Affected versions
* Ruby 1.8.6 patchlevel 383 and all prior versions
* Ruby 1.8.7 patchlevel 248 and all prior versions
* Development versions of Ruby 1.8 (1.8.8dev)
* Ruby 1.9.1 patchlevel 376 and all prior versions
* Development versions of Ruby 1.9 (1.9.2dev)
---
compilers/ruby/DETAILS | 6 +++---
1 files changed, 3 insertions(+), 3 deletions(-)
diff --git a/compilers/ruby/DETAILS b/compilers/ruby/DETAILS
index 6d0f456..6c62fc3 100644
--- a/compilers/ruby/DETAILS
+++ b/compilers/ruby/DETAILS
@@ -1,12 +1,12 @@
MODULE=ruby
- VERSION=1.8.7-p248
+ VERSION=1.8.7-p249
SOURCE=$MODULE-$VERSION.tar.gz
SOURCE_URL[0]=http://ftp.ruby-lang.org/pub/$MODULE/1.8
SOURCE_URL[1]=http://gd.tuwien.ac.at/languages/$MODULE
- SOURCE_VFY=sha1:7b1531d209d60fbc89caa317a46014e5e3fa3c35
+ SOURCE_VFY=sha1:4297b138e64e5caf523114a6213aa9d9b85e0550
WEB_SITE=http://www.ruby-lang.org/en
ENTERED=20020106
- UPDATED=20091225
+ UPDATED=20100130
SHORT="A scripting language"
cat << EOF
More information about the Lunar-commits
mailing list