Public bug reported: Binary package hint: ruby-gnome2
References: DSA-1431-1 (http://www.debian.org/security/2007/dsa-1431) Quoting DSA-1431-1: "It was discovered that ruby-gnome2, GNOME-related bindings for the Ruby language, didn't properly sanitize input prior to constructing dialogs. This could allow for the execution of arbitary code if untrusted input is displayed within a dialog." Quoting CVE-2007-6183: "Format string vulnerability in the mdiag_initialize function in gtk/src/rbgtkmessagedialog.c in Ruby-GNOME 2 (aka Ruby/Gnome2) 0.16.0, and SVN versions before 20071127, allows context-dependent attackers to execute arbitrary code via format string specifiers in the message parameter." ** Affects: ruby-gnome2 (Ubuntu) Importance: Undecided Status: New ** Affects: ruby-gnome2 (Debian) Importance: Unknown Status: Unknown ** Visibility changed to: Public ** CVE added: http://www.cve.mitre.org/cgi- bin/cvename.cgi?name=2007-6183 ** Bug watch added: Debian Bug tracker #453689 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=453689 ** Also affects: ruby-gnome2 (Debian) via http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=453689 Importance: Unknown Status: Unknown -- [ruby-gnome2] [CVE-2007-6183] improper input sanitizing / format string vulnerability https://bugs.launchpad.net/bugs/175827 You received this bug notification because you are a member of Ubuntu Bugs, which is the bug contact for Ubuntu. -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs