[Secure-testing-team] Bug#575778: CVE-2009-1904

Giuseppe Iuculano iuculano at debian.org
Mon Mar 29 08:00:55 UTC 2010


Package: ruby1.9
Severity: serious
Tags: security

Hi,
the following CVE (Common Vulnerabilities & Exposures) id was
published for ruby1.9.

CVE-2009-1904[0]:
| The BigDecimal library in Ruby 1.8.6 before p369 and 1.8.7 before p173
| allows context-dependent attackers to cause a denial of service
| (application crash) via a string argument that represents a large
| number, as demonstrated by an attempted conversion to the Float data
| type.

If you fix the vulnerability please also make sure to include the
CVE id in your changelog entry.

For further information see:

[0] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1904
    http://security-tracker.debian.org/tracker/CVE-2009-1904






