On Mon, 27 Sep 2004 20:41:13 -0400, Joey Hess wrote: > Martin Schulze wrote: >> ruby 1.8.1+1.8.2pre1-4 needed, have 1.8.1-8 for DSA-537 > > This is fixed in ruby1.8 in testing; ruby itself is a dependency package. > I don't know if ruby1.7 was/is vulnetable, do you?
Ruby1.7 (ie, ruby-beta) is most definitely vulnerable; both 1.6 and 1.8 had the problem. However, ruby-beta should be hinted for removal anyways.
