Debian Security Advisory
DLA-299-1 ruby1.8 -- LTS security update
- Date Reported:
- 26 Aug 2015
- Affected Packages:
- ruby1.8
- Vulnerable:
- Yes
- Security database references:
- In Mitre's CVE dictionary: CVE-2009-5147.
- More information:
-
"sheepman" fixed a vulnerability in Ruby 1.8: DL::dlopen could open a library with tainted name even if $SAFE> 0.
For Debian 6
Squeeze
, this issue has been fixed in ruby1.8 1.8.7.302-2squeeze5.