"Dear Maintainer, While running some regression tests I discovered that 1.9.3.194-1 is vulnerable to CVE-2011-1005, despite the Ruby advisory stating otherwise: http://www.ruby-lang.org/en/news/2011/02/18/exception-methods-can-bypass-safe/ You can use the reproducer in the advisory for verification. Just do a 'puts $secret_path' rather than the 'open($secret_path)' block." Fixed with http://svn.ruby-lang.org/cgi-bin/viewvc.cgi?view=revision&revision=37068
CVE request and assignment: http://www.openwall.com/lists/oss-security/2012/10/03/9
dev-lang/ruby-1.9.3_p286 with a fix for this is now in the tree.
(In reply to comment #2)
> dev-lang/ruby-1.9.3_p286 with a fix for this is now in the tree.

Thanks. For the 1.8 slot, this should be fixed in 1.8.7-p371. Could you please bump that slot too (preferably with a version that also satisfies bug 437366)?
GLSA vote: yes.
CVE-2012-4466 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4466):
Ruby 1.8.7 before patchlevel 371, 1.9.3 before patchlevel 286, and 2.0 before revision r37068 allows context-dependent attackers to bypass safe-level restrictions and modify untainted strings via the name_err_mesg_to_str API function, which marks the string as tainted, a different vulnerability than CVE-2011-1005.

CVE-2012-4464 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4464):
Ruby 1.9.3 before patchlevel 286 and 2.0 before revision r37068 allows context-dependent attackers to bypass safe-level restrictions and modify untainted strings via the (1) exc_to_s or (2) name_err_to_s API function, which marks the string as tainted, a different vulnerability than CVE-2012-4466. NOTE: this issue might exist because of a CVE-2011-1005 regression.
GLSA vote: no.
GLSA vote: no

Closing as noglsa