PublicDate: 2007-11-14 01:46:00 UTC
Candidate: CVE-2007-5770
References:
 https://ubuntu.com/security/notices/USN-596-1
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5770
Description:
 The (1) Net::ftptls, (2) Net::telnets, (3) Net::imap, (4) Net::pop, and
 (5) Net::smtp libraries in Ruby 1.8.5 and 1.8.6 do not verify that the
 commonName (CN) field in a server certificate matches the domain name in a
 request sent over SSL, which makes it easier for remote attackers to
 intercept SSL transmissions via a man-in-the-middle attack or spoofed web
 site, different components than CVE-2007-5162.
Ubuntu-Description:
Notes:
 jdstrand> LP bug has debdiffs
Bugs:
 https://bugs.launchpad.net/ubuntu/+source/ruby1.8/+bug/149616
Priority: low
Discovered-by:
Assigned-to: kees
CVSS:

Patches_ruby1.8:
 debdiff: https://bugs.launchpad.net/ubuntu/+source/ruby1.8/+bug/149616
upstream_ruby1.8: released (1.8.6.111)
dapper_ruby1.8: released (1.8.4-1ubuntu1.4)
edgy_ruby1.8: released (1.8.4-5ubuntu1.3)
feisty_ruby1.8: released (1.8.5-4ubuntu2.1)
gutsy_ruby1.8: released (1.8.6.36-1ubuntu3.1)
hardy_ruby1.8: not-affected (1.8.6.111-2ubuntu1)
devel_ruby1.8: not-affected (1.8.7.22-1)

Patches_libopenssl-ruby:
upstream_libopenssl-ruby: released (0.1.4a-1sarge1)
dapper_libopenssl-ruby: not-affected (fixed in ruby1.8)
edgy_libopenssl-ruby: not-affected (fixed in ruby1.8)
feisty_libopenssl-ruby: not-affected (fixed in ruby1.8)
gutsy_libopenssl-ruby: not-affected (fixed in ruby1.8)
hardy_libopenssl-ruby: not-affected (fixed in ruby1.8)
devel_libopenssl-ruby: not-affected (fixed in ruby1.8)