[Christian Hofstaedtler]
> In 2.1 branch, the fix is in this commit:
>
> https://github.com/ruby/ruby/commit/339e11a7f178312d937b7c95dd3115ce7236597a

According to <URL: https://security-tracker.debian.org/tracker/CVE-2009-5147 >, this issue is fixed in squeeze but not wheezy and jessie. Is anyone working on an update to stable?

I noticed this bug as it is the oldest CVE reported by debsecan on my stable installations, and wondered why a CVE from 2009 was still not fixed in Jessie.

Note, I see from the Red Hat bug report that the problem was recently reintroduced, so it has not been around for 6 years.

-- 
Happy hacking
Petter Reinholdtsen