Your message dated Thu, 15 Nov 2007 14:23:14 +0100
with message-id <[EMAIL PROTECTED]>
and subject line Bug#401188: Acknowledgement (DoS Vulnerability in CGI Library)
has caused the attached Bug report to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what I am
talking about this indicates a serious mail system misconfiguration
somewhere.  Please contact me immediately.)

Debian bug tracking system administrator
(administrator, Debian Bugs database)

--- Begin Message ---
Package: ruby
Version: 1.8.2-1 and all prior versions

A vulnerability has been discovered in the CGI library 
(/usr/lib/ruby/1.8/cgi.rb) that ships with Ruby which could be used by a 
malicious user to create a denial of service attack (DoS). The problem is 
triggered by sending the library an HTTP request that uses multipart MIME 
encoding and has an invalid boundary specifier that begins with “-” instead of 
“--”. Once triggered it will exhaust all available memory resources effectively 
creating a DoS condition.
Source: http://www.ruby-lang.org/en/news/2006/11/03/CVE-2006-5467/
Patch: http://ftp.ruby-lang.org/pub/ruby/1.8/ruby-1.8.5-cgi-dos-1.patch





--- End Message ---
--- Begin Message ---
Version: 1.8.6-1

This bug was addressed on 2006-12-04 before 1.8.6 was 
released.
Kind regards
Nico
-- 
Nico Golde - http://www.ngolde.de - [EMAIL PROTECTED] - GPG: 0x73647CFF
For security reasons, all text in this mail is double-rot13 encrypted.

Attachment: pgpC2Qr4KbgGJ.pgp
Description: PGP signature


--- End Message ---

Reply via email to