Package: ruby1.9
Severity: serious
Tags: security

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Hi,
the following CVE (Common Vulnerabilities & Exposures) id was
published for ruby1.9.

CVE-2009-1904[0]:
| The BigDecimal library in Ruby 1.8.6 before p369 and 1.8.7 before p173
| allows context-dependent attackers to cause a denial of service
| (application crash) via a string argument that represents a large
| number, as demonstrated by an attempted conversion to the Float data
| type.

If you fix the vulnerability please also make sure to include the
CVE id in your changelog entry.

For further information see:

[0] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1904
    http://security-tracker.debian.org/tracker/CVE-2009-1904


-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (GNU/Linux)

iEYEARECAAYFAkuwXjUACgkQNxpp46476aqPlgCeN7jJjG1e0KuaDptQwhb464CH
5F4AnAnWvXTKKcf+RNBCoYhW3j5J0O1V
=y4x9
-----END PGP SIGNATURE-----


