Thank you for reporting this bug to Ubuntu. dapper has reached EOL
(End of Life) and is no longer supported. As a result, this bug
against dapper is being marked "Won't Fix". Please see
https://wiki.ubuntu.com/Releases for currently supported Ubuntu
releases.

Please feel free to report any other bugs you may find.

** Changed in: ruby-gnome2 (Ubuntu Dapper)
       Status: Triaged => Won't Fix

-- 
You received this bug notification because you are subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/175827

Title:
  [ruby-gnome2] [CVE-2007-6183] improper input sanitizing / format
  string vulnerability

Status in “ruby-gnome2” package in Ubuntu:
  Fix Released
Status in “ruby-gnome2” source package in Dapper:
  Won't Fix
Status in “ruby-gnome2” source package in Edgy:
  Won't Fix
Status in “ruby-gnome2” source package in Feisty:
  Won't Fix
Status in “ruby-gnome2” source package in Gutsy:
  Won't Fix
Status in “ruby-gnome2” source package in Hardy:
  Fix Released
Status in “ruby-gnome2” package in Debian:
  Fix Released
Status in “ruby-gnome2” package in Fedora:
  Fix Released
Status in “ruby-gnome2” package in Gentoo Linux:
  Fix Released

Bug description:
  Binary package hint: ruby-gnome2

  References:
  DSA-1431-1 (http://www.debian.org/security/2007/dsa-1431)

  Quoting DSA-1431-1:
  "It was discovered that ruby-gnome2, GNOME-related bindings for the Ruby
  language, didn't properly sanitize input prior to constructing dialogs. This
  could allow for the execution of arbitrary code if untrusted input is displayed
  within a dialog."

  Quoting CVE-2007-6183:
  "Format string vulnerability in the mdiag_initialize function in
  gtk/src/rbgtkmessagedialog.c in Ruby-GNOME 2 (aka Ruby/Gnome2) 0.16.0, and SVN
  versions before 20071127, allows context-dependent attackers to execute
  arbitrary code via format string specifiers in the message parameter."
