Package: libruby1.8
Version: 1.8.5-3
Severity: grave
Tags: security
Justification: user security hole

A vulnerability has been found in ruby's cgi.rb (or rather a previous fix was incomplete).

From CVE-2006-5467:

The cgi.rb CGI library for Ruby 1.8 allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via an HTTP request with a multipart MIME body that contains an invalid boundary specifier, as demonstrated using a specifier that begins with a "-" instead of "--" and contains an inconsistent ID.

See
http://www.ruby-lang.org/en/news/2006/11/03/CVE-2006-5467/
http://secunia.com/advisories/22624
for more info.

Please mention the CVE-id in the changelog and also check ruby 1.9.
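
The failure mode named in the CVE text, as an added Ruby example that is not part of the original report and is not cgi.rb's code: a simplified boundary scanner with the two guards that stop a read loop from spinning when the declared delimiter never arrives. `read_until_boundary`, `MalformedMultipart`, `classify` and both sample bodies are hypothetical and constructed for illustration.

```ruby
require "stringio"

class MalformedMultipart < StandardError; end

# Return the bytes that precede the first "--<boundary>" delimiter in io.
# Hypothetical helper for illustration; this is not cgi.rb's implementation.
def read_until_boundary(io, boundary, content_length, chunk_size = 16)
  delimiter = "--" + boundary
  buf = String.new               # binary accumulation buffer
  remaining = content_length     # bytes the client declared it would send
  until (idx = buf.index(delimiter))
    # Guard 1: the declared length is used up and the delimiter never matched.
    # Without this, a zero-length read returns "" and the loop never ends.
    raise MalformedMultipart, "boundary not found within Content-Length" if remaining <= 0
    chunk = io.read([chunk_size, remaining].min)
    # Guard 2: the stream ended before the declared length was reached.
    raise MalformedMultipart, "unexpected end of body" if chunk.nil? || chunk.empty?
    remaining -= chunk.bytesize
    buf << chunk
  end
  buf[0, idx]
end

# Map a request body to :accepted or :rejected instead of hanging on it.
def classify(body, boundary)
  read_until_boundary(StringIO.new(body), boundary, body.bytesize)
  :accepted
rescue MalformedMultipart
  :rejected
end

# Constructed sample bodies; the declared boundary parameter is "AaB03x".
GOOD = "preamble\r\n--AaB03x\r\nContent-Disposition: form-data; name=\"f\"\r\n\r\nhi\r\n--AaB03x--\r\n"
# Delimiter lines start with "-" instead of "--" and the closing ID differs.
BAD  = "-AaB03x\r\nContent-Disposition: form-data; name=\"f\"\r\n\r\nhi\r\n-ZzZ99x--\r\n"

if __FILE__ == $0
  puts classify(GOOD, "AaB03x")
  puts classify(BAD, "AaB03x")
end
```

Both guards turn a malformed body into an error the caller can answer with a 400 response, so the worker is released instead of consuming CPU.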