Package: ruby1.9.1 Version: 1.9.2.0-2 Severity: normal http://www.ruby-lang.org/en/news/2011/02/18/fileutils-is-vulnerable-to-symlink-race-attacks/
A symlink race condition vulnerability was found in FileUtils.remove_entry_secure. The vulnerability allows local users to delete arbitrary files and directories. -- System Information: Debian Release: 6.0 APT prefers stable APT policy: (990, 'stable'), (500, 'squeeze-updates'), (500, 'oldstable'), (105, 'testing'), (90, 'unstable') Architecture: amd64 (x86_64) Kernel: Linux 2.6.32-5-amd64 (SMP w/2 CPU cores) Locale: LANG=ja_JP.eucJP, LC_CTYPE=ja_JP.eucJP (charmap=EUC-JP) Shell: /bin/sh linked to /bin/dash Versions of packages ruby1.9.1 depends on: ii libc6 2.11.2-10 Embedded GNU C Library: Shared lib ii libruby1.9.1 1.9.2.0-2 Libraries necessary to run Ruby 1. ruby1.9.1 recommends no packages. Versions of packages ruby1.9.1 suggests: ii graphviz 2.26.3-5 rich set of graph drawing tools ii ri1.9.1 1.9.2.0-2 Ruby Interactive reference (for Ru ii ruby1.9.1-dev 1.9.2.0-2 Header files for compiling extensi ii ruby1.9.1-examples 1.9.2.0-2 Examples for Ruby 1.9 -- no debconf information -- To UNSUBSCRIBE, email to [email protected] with a subject of "unsubscribe". Trouble? Contact [email protected]
