ext/openssl/ossl_ocsp.c in Ruby 1.8 and 1.9 does not properly check the return value from the OCSP_basic_verify function, which might allow remote attackers to successfully present an invalid X.509 certificate, possibly involving a revoked certificate.
dev-lang/ruby-1.8.6_p287-r5 and -12, and 1.8.7_p72-r2 are now in the tree, fixing this issue. Arches, please stabilize 1.8.6_p287-*r5*.
Stable on alpha.
Stable for HPPA.
amd64 stable, after Alex forced me multiple times.
ppc64 done
(In reply to comment #4)
> amd64 stable, after Alex forced me multiple times.

Yayaya, stop whining. :p (Not a senseless update, fixing summary at the same time ;) )
arm/ia64/s390/sh/sparc/x86 stable
ppc stable
GLSA voting, please. [If you allow me to cast a vote, I would say no.]
Practically unused, NO -- closing.