| Name | CVE-2010-0541 |
| Description | Cross-site scripting (XSS) vulnerability in the WEBrick HTTP server in Ruby in Apple Mac OS X 10.5.8, and 10.6 before 10.6.4, allows remote attackers to inject arbitrary web script or HTML via a crafted URI that triggers a UTF-7 error page. |
| Source | CVE (at NVD; CERT, LWN, oss-sec, fulldisc, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more) |
| Debian Bugs | 593298 |
The information below is based on the following data on fixed versions.
| Package | Type | Release | Fixed Version | Urgency | Origin | Debian Bugs |
|---|---|---|---|---|---|---|
| ruby1.8 | source | (unstable) | 1.8.7.302-1 | |||
| ruby1.9 | source | (unstable) | (unfixed) | |||
| ruby1.9.1 | source | (unstable) | 1.9.2.0-1 | 593298 |
[lenny] - ruby1.8 <no-dsa> (Minor issue)
[lenny] - ruby1.9 <no-dsa> (Minor issue)