Package: ruby1.8 Version: 1.8.7.302-2 Severity: normal http://www.ruby-lang.org/en/news/2011/02/18/exception-methods-can-bypass-safe/
Exception#to_s method can be used to trick $SAFE check, which makes a untrusted codes to modify arbitrary strings. -- System Information: Debian Release: 6.0 APT prefers stable APT policy: (990, 'stable'), (500, 'squeeze-updates'), (500, 'oldstable'), (105, 'testing'), (90, 'unstable') Architecture: amd64 (x86_64) Kernel: Linux 2.6.32-5-amd64 (SMP w/2 CPU cores) Locale: LANG=ja_JP.eucJP, LC_CTYPE=ja_JP.eucJP (charmap=EUC-JP) Shell: /bin/sh linked to /bin/dash Versions of packages ruby1.8 depends on: ii libc6 2.11.2-10 Embedded GNU C Library: Shared lib ii libruby1.8 1.8.7.302-2 Libraries necessary to run Ruby 1. ruby1.8 recommends no packages. Versions of packages ruby1.8 suggests: ii ri1.8 1.8.7.302-2 Ruby Interactive reference (for Ru ii ruby1.8-examples 1.8.7.302-2 Examples for Ruby 1.8 -- no debconf information -- To UNSUBSCRIBE, email to [email protected] with a subject of "unsubscribe". Trouble? Contact [email protected]
