Your submission was sent successfully! Close

You have successfully unsubscribed! Close

Thank you for signing up for our newsletter!
In these regular emails you will find the latest updates about Ubuntu and upcoming events where you can meet our team.Close

CVE-2011-1005

Published: 2 March 2011

The safe-level feature in Ruby 1.8.6 through 1.8.6-420, 1.8.7 through 1.8.7-330, and 1.8.8dev allows context-dependent attackers to modify strings via the Exception#to_s method, as demonstrated by changing an intended pathname.

Notes

AuthorNote
tyhicks
potential test case in ruby-lang.org advisory
The fix was incomplete, see CVE-2012-4481

Priority

Low

Status

Package Release Status
ruby1.8
Launchpad, Ubuntu, Debian
dapper Ignored
(end of life)
hardy Ignored
(end of life)
karmic Ignored
(end of life)
lucid
Released (1.8.7.249-2ubuntu0.1)
maverick
Released (1.8.7.299-2ubuntu0.1)
natty
Released (1.8.7.302-2ubuntu0.1)
oneiric Not vulnerable
(1.8.7.352-2)
precise Not vulnerable

upstream
Released (1.8.7.334-1)
Patches:
upstream: http://svn.ruby-lang.org/cgi-bin/viewvc.cgi?revision=30903&view=revision
ruby1.9
Launchpad, Ubuntu, Debian
dapper Ignored
(end of life)
hardy Ignored
(end of life)
karmic Ignored
(end of life)
lucid Not vulnerable

maverick Does not exist

natty Does not exist

oneiric Does not exist

precise Does not exist

upstream Needs triage

ruby1.9.1
Launchpad, Ubuntu, Debian
dapper Does not exist

hardy Does not exist

karmic Ignored
(end of life)
lucid Not vulnerable

maverick Ignored
(end of life)
natty Not vulnerable

oneiric Not vulnerable

precise
Released (1.9.3.0-1ubuntu2.2)
upstream Needs triage