FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

Ruby -- unsafe tainted string vulnerability

Affected packages
2.0.0,1 <= ruby <,1
2.1.0,1 <= ruby < 2.1.8,1
2.2.0,1 <= ruby < 2.2.4,1


VuXML ID 3b50881d-1860-4721-aab1-503290e23f6c
Discovery 2015-12-16
Entry 2015-12-23

Ruby developer reports:

There is an unsafe tainted string vulnerability in Fiddle and DL. This issue was originally reported and fixed with CVE-2009-5147 in DL, but reappeared after DL was reimplemented using Fiddle and libffi.

And, as for DL, CVE-2009-5147 was fixed in Ruby 1.9.1 but not in the other branches, so Rubies that bundle DL, other than Ruby 1.9.1, are still vulnerable.


CVE Name CVE-2015-7551
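The issue above is that a string of untrusted origin could reach Fiddle/DL's dlopen path unchecked. As an added illustration (not code from the VuXML entry or from the Ruby project), the following Ruby reinstates that kind of gate in application code: it refuses tainted strings where the interpreter still tracks taint, rejects path components and NUL bytes, and only hands allowlisted library names to Fiddle.dlopen. The allowlist contents, the UntrustedLibraryPath class, the injectable loader and the sample inputs are all assumptions made for this example.

```ruby
# Added example (not from the VuXML entry or the Ruby project): a wrapper that
# re-applies the kind of check the CVE-2015-7551 fix restored in Fiddle/DL,
# but in user code, so untrusted strings cannot steer dlopen.
# The allowlist, the error class and the loader injection are assumptions.

class UntrustedLibraryPath < StandardError; end

# Assumed allowlist, constructed for the example; a real program would
# hard-code the shared objects it actually needs.
DEFAULT_ALLOWLIST = %w[libc.so.6 libm.so.6 libcrypto.so.3].freeze

# On Rubies that still have taint tracking (before 3.2), honour it: strings
# from ARGV, ENV, sockets or files are tainted. Ruby 3.0/3.1 answer false with
# a deprecation warning and Ruby 3.2 removed String#tainted?, so the check
# degrades to "not available" rather than raising.
def tainted_string?(str)
  str.respond_to?(:tainted?) && str.tainted?
end

# Reject anything that could redirect dlopen to an attacker-controlled file:
# non-Strings, tainted strings, path separators, embedded NUL bytes and names
# absent from the allowlist. Returns the validated name unchanged.
def validate_library_name(name, allowlist: DEFAULT_ALLOWLIST)
  raise UntrustedLibraryPath, "not a String" unless name.is_a?(String)
  raise UntrustedLibraryPath, "tainted string" if tainted_string?(name)
  if name.include?("/") || name.include?("\\")
    raise UntrustedLibraryPath, "path separators not allowed"
  end
  raise UntrustedLibraryPath, "embedded NUL byte" if name.include?("\0")
  raise UntrustedLibraryPath, "#{name} not in allowlist" unless allowlist.include?(name)
  name
end

# Wraps Fiddle.dlopen behind the validation. `loader` defaults to
# Fiddle.dlopen (required lazily) and is injectable so the gate can be
# exercised without actually loading a shared object.
def safe_dlopen(name, allowlist: DEFAULT_ALLOWLIST, loader: nil)
  validated = validate_library_name(name, allowlist: allowlist)
  loader ||= begin
    require "fiddle"
    Fiddle.method(:dlopen)
  end
  loader.call(validated)
end

if __FILE__ == $PROGRAM_NAME
  # Constructed inputs: an attacker-chosen path, a traversal attempt and an
  # allowlisted name.
  ["/tmp/evil.so", "../libc.so.6", "libc.so.6"].each do |candidate|
    begin
      validate_library_name(candidate)
      puts "#{candidate}: accepted"
    rescue UntrustedLibraryPath => e
      puts "#{candidate}: rejected (#{e.message})"
    end
  end
end
```

The allowlist is what does the real work on current Rubies; the taint check only adds defence in depth on interpreters old enough to still track it, which is exactly the population the advisory's affected ranges describe.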