[DRE-maint] [Bug 175827] Re: [ruby-gnome2] [CVE-2007-6183] improper input sanitizing / format string vulnerability

Bug Watch Updater 175827 at bugs.launchpad.net
Fri Feb 4 07:57:30 UTC 2011


** Changed in: ruby-gnome2 (Gentoo Linux)
   Importance: Unknown => Medium

-- 
You received this bug notification because you are subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/175827

Title:
  [ruby-gnome2] [CVE-2007-6183] improper input sanitizing / format
  string vulnerability

Status in “ruby-gnome2” package in Ubuntu:
  Fix Released
Status in “ruby-gnome2” source package in Dapper:
  Triaged
Status in “ruby-gnome2” source package in Edgy:
  Won't Fix
Status in “ruby-gnome2” source package in Feisty:
  Won't Fix
Status in “ruby-gnome2” source package in Gutsy:
  Won't Fix
Status in “ruby-gnome2” source package in Hardy:
  Fix Released
Status in “ruby-gnome2” package in Debian:
  Fix Released
Status in “ruby-gnome2” package in Fedora:
  Fix Released
Status in “ruby-gnome2” package in Gentoo Linux:
  Fix Released

Bug description:
  Binary package hint: ruby-gnome2

  References:
  DSA-1431-1 (http://www.debian.org/security/2007/dsa-1431)

  Quoting DSA-1431-1:
  "It was discovered that ruby-gnome2, GNOME-related bindings for the Ruby language, didn't properly sanitize input prior to constructing dialogs. This could allow for the execution of arbitrary code if untrusted input is displayed within a dialog."

  Quoting CVE-2007-6183:
  "Format string vulnerability in the mdiag_initialize function in gtk/src/rbgtkmessagedialog.c in Ruby-GNOME 2 (aka Ruby/Gnome2) 0.16.0, and SVN versions before 20071127, allows context-dependent attackers to execute arbitrary code via format string specifiers in the message parameter."






