Slackware-14.1 ChangeLog (2013-05-16)
Thu May 16 21:42:08 UTC 2013
Packages
Upgraded
- d/ruby-1.9.3_p429-i486-1.txz
This update fixes a security issue in DL and Fiddle included in Ruby where
tainted strings can be used by system calls regardless of the $SAFE level
setting.
For more information, see:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2065
http://www.ruby-lang.org/en/news/2013/05/14/taint-bypass-dl-fiddle-cve-2013-2065/
(* Security fix *)