CVE-2012-4466

Priority
Medium
Description
Ruby 1.8.7 before patchlevel 371, 1.9.3 before patchlevel 286, and 2.0
before revision r37068 allows context-dependent attackers to bypass
safe-level restrictions and modify untainted strings via the
name_err_mesg_to_str API function, which marks the string as tainted, a
different vulnerability than CVE-2011-1005.
References
Bugs
Notes
tyhicks> affects 1.8.x, as well as 1.9.3-p0 and newer
Assigned-to
tyhicks
Package
Upstream:needs-triage
Ubuntu 12.04 LTS (Precise Pangolin):released (1.8.7.352-2ubuntu1.1)
Patches:
Upstream:http://svn.ruby-lang.org/cgi-bin/viewvc.cgi?view=revision&revision=37068 (last hunk in error.c diff)
Package
Upstream:not-affected
Ubuntu 12.04 LTS (Precise Pangolin):DNE
Package
Upstream:needs-triage
Ubuntu 12.04 LTS (Precise Pangolin):released (1.9.3.0-1ubuntu2.3)
Patches:
Upstream:http://svn.ruby-lang.org/cgi-bin/viewvc.cgi?view=revision&revision=37068 (last hunk in error.c diff)
More Information

Valid XHTML 1.0 Strict

Updated: 2015-07-15 19:39:39 UTC (commit 9690)