Your submission was sent successfully! Close

You have successfully unsubscribed! Close

Thank you for signing up for our newsletter!
In these regular emails you will find the latest updates about Ubuntu and upcoming events where you can meet our team.Close

CVE-2013-2065

Published: 2 November 2013

(1) DL and (2) Fiddle in Ruby 1.9 before 1.9.3 patchlevel 426, and 2.0 before 2.0.0 patchlevel 195, do not perform taint checking for native functions, which allows context-dependent attackers to bypass intended $SAFE level restrictions.

Notes

AuthorNote
mdeslaur
only affects 1.9+

Priority

Low

Status

Package Release Status
ruby1.8
Launchpad, Ubuntu, Debian
lucid Ignored
(end of life)
precise Not vulnerable

quantal Not vulnerable

raring Not vulnerable

saucy Not vulnerable

upstream Not vulnerable

ruby1.9.1
Launchpad, Ubuntu, Debian
lucid Ignored
(end of life)
precise
Released (1.9.3.0-1ubuntu2.8)
quantal
Released (1.9.3.194-1ubuntu1.6)
raring
Released (1.9.3.194-8.1ubuntu1.2)
saucy
Released (1.9.3.194-8.1ubuntu2.1)
upstream
Released (1.9.3.426)
Patches:
upstream: http://svn.ruby-lang.org/cgi-bin/viewvc.cgi?view=revision&revision=40732 (1.9.x)
upstream: http://svn.ruby-lang.org/cgi-bin/viewvc.cgi?view=revision&revision=40728 (trunk + test)
ruby2.0
Launchpad, Ubuntu, Debian
lucid Does not exist

precise Does not exist

quantal Does not exist

raring Does not exist

saucy Not vulnerable
(2.0.0.299-2)
upstream
Released (2.0.0.195)