CVE-2011-1005

Priority
Description
The safe-level feature in Ruby 1.8.6 through 1.8.6-420, 1.8.7 through
1.8.7-330, and 1.8.8dev allows context-dependent attackers to modify
strings via the Exception#to_s method, as demonstrated by changing an
intended pathname. Only programs that rely on $SAFE to sandbox untrusted
Ruby code are exposed: code running at the restricted level can use
Exception#to_s to rewrite a string it should not be able to touch, such
as a file path the host program intends to use.
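The following is an added example, not code from Ruby, Ubuntu, or this tracker entry. It models the bug pattern behind this CVE in plain Ruby, because current Ruby has removed both $SAFE and object tainting. The mechanism it assumes is not stated on this page and should be checked against the linked upstream revision: under $SAFE >= 3 every newly created object is tainted, under $SAFE = 4 an untainted string cannot be modified, and Exception#to_s returned the caller's message object itself after tainting it whenever the exception was tainted. The names Sandbox, GuardedString, ModelException, attempt and demo, and the "hardened" variant that returns a fresh string instead of the caller's object, are inventions of this example.

```ruby
# Model of the CVE-2011-1005 pattern (added example; not Ruby's own code).
# Assumed Ruby 1.8 semantics, not stated on the tracker page:
#   - at $SAFE >= 3 every newly created object is tainted;
#   - at $SAFE = 4 an untainted string may not be modified;
#   - Exception#to_s returned the message *object itself*, tainting it first
#     when the exception was tainted.
# Together these let sandboxed code taint, then rewrite, a trusted string.

# The interpreter-wide safe level, mutable so the demo can "enter" the sandbox.
class Sandbox
  attr_accessor :level

  def initialize(level = 0)
    @level = level
  end

  def taint_new_objects?
    @level >= 3
  end
end

# A string whose mutability is gated by a taint bit, like String under $SAFE.
class GuardedString
  attr_reader :value
  attr_accessor :tainted

  def initialize(value, sandbox)
    @value = value.dup
    @sandbox = sandbox
    @tainted = sandbox.taint_new_objects?   # born tainted inside the sandbox
  end

  # Models the modification check: at $SAFE = 4 only tainted strings may change.
  def replace(new_value)
    if @sandbox.level >= 4 && !@tainted
      raise SecurityError, "Insecure: can't modify string"
    end
    @value = new_value.dup
    self
  end

  def to_s
    @value
  end
end

class ModelException
  def initialize(mesg, sandbox)
    @mesg = mesg
    @sandbox = sandbox
    @tainted = sandbox.taint_new_objects?   # built inside the sandbox => tainted
  end

  # Vulnerable shape: hands back the caller's own object after tainting it,
  # so the modification check on the trusted string is silently relaxed.
  def to_s_vulnerable
    @mesg.tainted = true if @tainted
    @mesg
  end

  # Hardened shape (this example's choice): never write taint back into the
  # caller's object; return a fresh string, which is itself tainted inside the
  # sandbox and therefore safe for the sandboxed code to scribble on.
  def to_s_fixed
    GuardedString.new(@mesg.value, @sandbox)
  end
end

# Run the attack against one variant and report what happened.
def demo(variant)
  sandbox = Sandbox.new(0)
  path = GuardedString.new("/var/app/intended.txt", sandbox)  # trusted, untainted
  sandbox.level = 4                                            # untrusted code runs from here

  direct = attempt { path.replace("/etc/passwd") }             # blocked by the check

  exc = ModelException.new(path, sandbox)
  str = variant == :vulnerable ? exc.to_s_vulnerable : exc.to_s_fixed
  via_to_s = attempt { str.replace("/etc/passwd") }

  { direct: direct, via_to_s: via_to_s, path: path.value }
end

def attempt
  yield
  :modified
rescue SecurityError
  :blocked
end

if $PROGRAM_NAME == __FILE__
  p demo(:vulnerable)   # trusted path ends up as /etc/passwd
  p demo(:fixed)        # trusted path survives; only the copy was changed
end
```

With the vulnerable variant the direct write is refused but the write through Exception#to_s goes through and the trusted path now reads /etc/passwd, which is the "changing an intended pathname" effect in the description. With the hardened variant the sandboxed code can still modify the string it was handed, but that string is a copy and the trusted original is unchanged; the point of the fix is that a method must not flip the trust state of an object it does not own and then hand that object back.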
Notes
 tyhicks> potential test case in ruby-lang.org advisory
 tyhicks> The fix was incomplete, see CVE-2012-4481
Assigned-to
tyhicks
Package
Upstream:released (1.8.7.334-1)
Ubuntu 12.04 ESM (Precise Pangolin):not-affected
Patches:
Upstream:http://svn.ruby-lang.org/cgi-bin/viewvc.cgi?revision=30903&view=revision
Package
Upstream:needs-triage
Ubuntu 12.04 ESM (Precise Pangolin):DNE
Package
Upstream:needs-triage
Ubuntu 12.04 ESM (Precise Pangolin):released (1.9.3.194-1ubuntu1)
More Information

Updated: 2019-03-19 11:57:25 UTC (commit 15472795df7e9de45b82f2d36b8b419b939f97b2)