Ruby's issue tracker will be down from 2011-02-23 10:00+09:00 to 24:00 for planned maintenance.
If you have any issue to report, I am afraid you will need to post a mail to the ruby-core mailing list or wait until I finish the maintenance.
Posted by Yugui on 22 Feb 2011
The Exception#to_s method can be used to trick the $SAFE check, which allows untrusted code to modify arbitrary strings.
Posted by Urabe Shyouhei on 18 Feb 2011
A symlink race condition vulnerability was found in FileUtils.remove_entry_secure. The vulnerability allows local users to delete arbitrary files and directories.
Posted by Urabe Shyouhei on 18 Feb 2011