Fix WEBrick's Escape Sequence Injection vulnerability

Bug #509392 reported by Jones D. Le
260
This bug affects 1 person
Affects Status Importance Assigned to Milestone
ruby1.9.1 (Ubuntu)
Fix Released
Low
Unassigned

Bug Description

Binary package hint: ruby1.9.1

A vulnerability was found on WEBrick, a part of Ruby's standard library. WEBrick lets attackers to inject malicious escape sequences to its logs, making it possible for dangerous control characters to be executed on a victim's terminal emulator. More info can be found here: http://www.ruby-lang.org/en/news/2010/01/10/webrick-escape-sequence-injection/

p378 is released to fix this security bug. Please bump to p378 to fix this

visibility: private → public
Changed in ruby1.9.1 (Ubuntu):
status: New → Confirmed
importance: Undecided → Low
Lucas Nussbaum (lucas)
Changed in ruby1.9.1 (Ubuntu):
status: Confirmed → Fix Released
To post a comment you must log in.
This report contains Public Security information  
Everyone can see this security related information.

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.