CVE-2009-5147 (retired)

Priority
Description
DL::dlopen in Ruby 1.8, 1.9.0, 1.9.2, 1.9.3, 2.0.0 before patchlevel 648,
and 2.1 before 2.1.8 opens libraries with tainted names.
Notes
sarnold: The Debian triage mentions two points, first that the upstream fix
has been dropped from upstream for unknown reasons; second, Fiddle in
Ruby 2.2 has the same problem.
MITRE hasn't (yet?) assigned a CVE for
7269e3de3cee3bbb6ab77fc708f3a10cab00b65e but that may be for their own
reasons.
mdeslaur: DL was removed in 2.2
This is the same issue as CVE-2015-7551, except only for 1.9.1
Package
Upstream: needed
Ubuntu 12.04 ESM (Precise Pangolin): DNE (precise was needed)
Ubuntu 16.04 LTS (Xenial Xerus): DNE
Patches:
Upstream: https://github.com/ruby/ruby/commit/4600cf725a86ce31266153647ae5aa1197b1215b (DL)
Upstream: https://github.com/ruby/ruby/commit/7269e3de3cee3bbb6ab77fc708f3a10cab00b65e (DL)
Package
Upstream: needed
Ubuntu 12.04 ESM (Precise Pangolin): DNE (precise was needed)
Ubuntu 16.04 LTS (Xenial Xerus): DNE
Package
Upstream: needed
Ubuntu 12.04 ESM (Precise Pangolin): DNE
Ubuntu 16.04 LTS (Xenial Xerus): DNE
Package
Upstream: needed
Ubuntu 12.04 ESM (Precise Pangolin): DNE
Ubuntu 16.04 LTS (Xenial Xerus): DNE
Package
Upstream: needed
Ubuntu 12.04 ESM (Precise Pangolin): DNE
Ubuntu 16.04 LTS (Xenial Xerus): DNE
Package
Upstream: needed
Ubuntu 12.04 ESM (Precise Pangolin): DNE
Ubuntu 16.04 LTS (Xenial Xerus): not-affected (ruby 1.x only)
Updated: 2019-10-09 07:23:41 UTC (commit 33aea848a182c0afcd0a3f927a01a7ecd9a061ee)