CVE-2012-4466

NameCVE-2012-4466
DescriptionRuby 1.8.7 before patchlevel 371, 1.9.3 before patchlevel 286, and 2.0 before revision r37068 allows context-dependent attackers to bypass safe-level restrictions and modify untainted strings via the name_err_mesg_to_str API function, which marks the string as tainted, a different vulnerability than CVE-2011-1005.
SourceCVE (at NVD; CERT, LWN, oss-sec, fulldisc, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more)
Debian Bugs689075

The information below is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs
ruby1.9.1sourcesqueeze(not affected)
ruby1.9.1source(unstable)1.9.3.194-2low689075

Notes

[squeeze] - ruby1.9.1 <not-affected> (Minor issue, please recheck)

Search for package or bug name: Reporting problems