Your submission was sent successfully! Close

You have successfully unsubscribed! Close

CVE-2013-2065

Published: 2 November 2013

(1) DL and (2) Fiddle in Ruby 1.9 before 1.9.3 patchlevel 426, and 2.0 before 2.0.0 patchlevel 195, do not perform taint checking for native functions, which allows context-dependent attackers to bypass intended $SAFE level restrictions.

Notes

AuthorNote
mdeslaur
only affects 1.9+
Priority

Low

Status

Package Release Status
ruby1.8
Launchpad, Ubuntu, Debian
lucid Ignored
(reached end-of-life)
precise Not vulnerable

quantal Not vulnerable

raring Not vulnerable

saucy Not vulnerable

upstream Not vulnerable

ruby1.9.1
Launchpad, Ubuntu, Debian
lucid Ignored
(reached end-of-life)
precise
Released (1.9.3.0-1ubuntu2.8)
quantal
Released (1.9.3.194-1ubuntu1.6)
raring
Released (1.9.3.194-8.1ubuntu1.2)
saucy
Released (1.9.3.194-8.1ubuntu2.1)
upstream
Released (1.9.3.426)
Patches:
upstream: http://svn.ruby-lang.org/cgi-bin/viewvc.cgi?view=revision&revision=40732 (1.9.x)
upstream: http://svn.ruby-lang.org/cgi-bin/viewvc.cgi?view=revision&revision=40728 (trunk + test)
ruby2.0
Launchpad, Ubuntu, Debian
lucid Does not exist

precise Does not exist

quantal Does not exist

raring Does not exist

saucy Not vulnerable
(2.0.0.299-2)
upstream
Released (2.0.0.195)