Hide Forgot
Common Vulnerabilities and Exposures assigned an identifier CVE-2010-3928 to the following vulnerability: Name: CVE-2010-3928 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3928 Assigned: 20101012 Reference: JVN:JVN#30414126 Reference: URL: http://jvn.jp/en/jp/JVN30414126/index.html Reference: JVNDB:JVNDB-2011-000005 Reference: URL: http://jvndb.jvn.jp/en/contents/2011/JVNDB-2011-000005.html Reference: BID:45841 Reference: URL: http://www.securityfocus.com/bid/45841 Reference: XF:ruby-manager-escape-command-execution(64746) Reference: URL: http://xforce.iss.net/xforce/xfdb/64746 Ruby Version Manager (RVM) before 1.2.1 writes file contents to a terminal without sanitizing non-printable characters, which might allow remote attackers to execute arbitrary commands via a crafted file, related to an "escape sequence injection vulnerability." NOTE: some of these details are obtained from third party information.
Created rubygem-rvm tracking bugs for this issue Affects: fedora-all [bug 671209]
This package was entirely dropped from Fedora. May be this issue could be closed now.
It only seems dropped from F17 and later, and remains in F16. If it's not planned to get fixed before EOL, we can only close with wontfix.
Ah, the package is blocked F17+ but in pkgdb, it is retired entirely. Nevertheless, there is definitely no plan to fix it.