Originally, Common Vulnerabilities and Exposures assigned an identifier CVE-2011-1005 to the following vulnerability: The safe-level feature in Ruby 1.8.6 through 1.8.6-420, 1.8.7 through 1.8.7-330, and 1.8.8dev allows context-dependent attackers to modify strings via the Exception#to_s method, as demonstrated by changing an intended pathname. Later it was reported: [1] http://www.openwall.com/lists/oss-security/2012/10/02/4 that the Ruby name_err_mesg_to_str() method is vulnerable to the similar flaw. Relevant upstream patch: [2] http://svn.ruby-lang.org/cgi-bin/viewvc.cgi?view=revision&revision=37068
*** Bug 862906 has been marked as a duplicate of this bug. ***
Created ruby tracking bugs for this issue Affects: fedora-all [bug 862907]
This issue has been addressed in following products: RHEL 6 Version of OpenShift Enterprise Via RHSA-2013:0582 https://rhn.redhat.com/errata/RHSA-2013-0582.html