Debian Security Advisory
DLA-300-1 ruby1.9.1 -- LTS security update
- Date Reported:
- 26 Aug 2015
- Affected Packages:
- ruby1.9.1
- Vulnerable:
- Yes
- Security database references:
- In Mitre's CVE dictionary: CVE-2009-5147.
- More information:
-
"sheepman" fixed a vulnerability in Ruby 1.9.1: DL::dlopen could open a library with tainted name even if $SAFE> 0.
For Debian 6
Squeeze
, this issue has been fixed in ruby1.9.1 1.9.2.0-2+deb6u7