On 11/01/10 at 09:20 +0900, Daigo Moriwaki wrote:
> Package: ruby1.9
> Severity: grave
> Tags: security
> Justification: user security hole
> 
> The upstream has released a vulnerability fix in WEBrick, a part of Ruby's
> standard library.  WEBrick lets attackers to inject malicious escap
> e sequences to its logs, making it possible for dangerous control characters
> to be executed on a victim's terminal emulator.

Fixed everywhere except ruby1.9/lenny, which I'm tempted to ignore.
-- 
| Lucas Nussbaum
| [email protected]   http://www.lucas-nussbaum.net/ |
| jabber: [email protected]             GPG: 1024D/023B3F4F |



-- 
To UNSUBSCRIBE, email to [email protected]
with a subject of "unsubscribe". Trouble? Contact [email protected]

Reply via email to