Hello Michael,

Michael S. Gilbert wrote:
> package: rubygems1.9
> version: 1.3.1
> tags: security
> severity: serious
>
> hello, it has been disclosed that a specially crafted gem archive could
> be used to overwrite system files. confirmed for 1.3.x, but older
> versions may also be affected. please check and help the security
> team prepare updates for the stable releases. see:
>
> http://bugs.gentoo.org/show_bug.cgi?id=278566
> http://blade.nagaokaut.ac.jp/cgi-bin/scat.rb/ruby/ruby-core/24472
> http://redmine.ruby-lang.org/issues/show/1800

Thank you for the references. I have just read them.

In Debian, executables from gems install into a particular directory specific to RubyGems such as /var/lib/gems/{1.8|1.9.0}/bin instead of the system directory /usr/bin. There should be no risk that they talked about.

If you think of any problems in Debian, please let me know; otherwise, please close this ticket.

Regards,
Daigo

--
Daigo Moriwaki
daigo at debian dot org