CVE-2012-4464

Priority
Medium
Description
Ruby 1.9.3 before patchlevel 286 and 2.0 before revision r37068 allows
context-dependent attackers to bypass safe-level restrictions and modify
untainted strings via the (1) exc_to_s or (2) name_err_to_s API function,
which marks the string as tainted, a different vulnerability than
CVE-2012-4466. NOTE: this issue might exist because of a CVE-2011-1005
regression.
References
Bugs
Notes
 mdeslaur> affects 1.9.3p0 and newer
Assigned-to
tyhicks
Package
Upstream:needed
Ubuntu 12.04 LTS (Precise Pangolin):not-affected
Package
Upstream:needs-triage
Ubuntu 12.04 LTS (Precise Pangolin):DNE
Package
Upstream:needs-triage
Ubuntu 12.04 LTS (Precise Pangolin):released (1.9.3.0-1ubuntu2.3)
Patches:
Upstream:http://svn.ruby-lang.org/cgi-bin/viewvc.cgi?view=revision&revision=37068 (first 2 hunks of error.c diff)
More Information

Valid XHTML 1.0 Strict

Updated: 2015-07-29 20:40:57 UTC (commit 9756)