On 2012-10-01 11:04:30, Tyler Hicks wrote:
> I'll be sure to update this bug when they've applied the fix upstream.

Ok, the fix is public:

http://svn.ruby-lang.org/cgi-bin/viewvc.cgi?view=revision&revision=37068

It ended up being more complicated than I initially thought. The vulnerability described in CVE-2011-1005 was reintroduced into the Ruby codebase in 1.9.3-p0. When upstream was developing their fix they found a new, but similar, issue that goes back to ruby1.8.

My request for new CVE ids and a slightly more detailed explanation can be found here:

http://www.openwall.com/lists/oss-security/2012/10/02/4

Tyler