<<< Date Index >>>     <<< Thread Index >>>

FLEA-2007-0068-1 ruby



-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Foresight Linux Essential Advisory: 2007-0068-1
Published: 2007-11-11

Rating: Minor

Updated Versions:
    ruby=/conary.rpath.com@rpl:devel//1/1.8.6_p110-1-0.1
    group-dist=/foresight.rpath.org@fl:1-devel//1/1.4.1-0.2-3

References:
    http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5162

Description:
    Previous versions of the ruby package include a library, Net::HTTPS, which
    does not properly verify the CN (common name) field in ssl certificates,
    making it easier to perform a man-in-the-middle attack.

    It is believed that Foresight Linux does not include any programs which
    rely on this feature of the Net::HTTPS library, and so is not affected by
    default.

- ---

Copyright 2007 Foresight Linux Project
This file is distributed under the terms of the MIT License.
A copy is available at http://www.foresightlinux.org/permanent/mit-license.html
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.7 (GNU/Linux)

iQIVAwUBRzffzNfwEn07iAtZAQLx/g/8DQHUZnmhYJCYAgiUQsN5PGTbBEWpZdN4
VxaCBPxhZL378cl4r/eBc4+CH/nni+dOlea/MVRMhKYxtERt5LnM79fa2ur2uIdk
Vt8QKACYe52OltlPw3kAgdDeVVlWZnyYl2V9Py+dMgwRdrcWiyv0RAuc8FQYUc7w
z2ROUIyPXlVU0a2/LTvkIyQigfugQVSlRtmTqVDZIeAYn1W4u8u8nw3MjcX4Vz+H
78IEB82yxuTzKBwj+tXldZmb4iecVYiAFYddPQNjcYMEZBPaysQCp9dE/aPE3Odq
ncKBqNTsnbWJxICLlxMFx0O/iF/dBHQVgd5KhXcdgQZPIPzc7FdJW3AjNv4YSIcW
V3CTt8WHbUDn1b9XKHMQ0sCOkOsrPgWwuJk2POYjfJWAvY8HcSid0RTbBylEsNIj
D0aVRY7ykhn36xTmRtrCqlIJZ6vBCWgnhMKdTZ16dcN2YzyzapflQZ0AD1D0p3xQ
OWjVMgotP8ZNotNsVLctigyC836Bpqu2XrKFY5lSvRcrS8TcHr/JeSwSdnEjjwTO
8Mai0QNYYa3cULXpRQSFbt8q1A3UZ3QZMGE+EvUAhYTsxRAnPgAjsS31v/qLIfe7
SIzIJwIHLrZTk/SMz6bFC9BjJ1ybUR1RA47pCmNOkVjQaudttqRJiLq1TtXh/I/Q
V1w0i/aDmGc=
=Dd9Q
-----END PGP SIGNATURE-----