Bug 26222 - произвольное выполнение кода при установки джемов
Summary: произвольное выполнение кода при установки джемов
Status: CLOSED FIXED
Alias: None
Product: Sisyphus
Classification: Development
Component: rubygems (show other bugs)
Version: unstable
Hardware: all Linux
: P3 normal
Assignee: timonbl4@altlinux.org
QA Contact: qa-sisyphus
URL: http://blog.rubygems.org/2011/08/25/1...
Keywords:
Depends on:
Blocks:
 
Reported: 2011-09-03 20:19 MSK by Igor Zubkov
Modified: 2013-08-07 14:25 MSK (History)
0 users

See Also:

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Igor Zubkov 2011-09-03 20:19:33 MSK 
RubyGems 1.8.10 contains a security fix that prevents malicious gems from executing code when their specification is loaded. See https://github.com/rubygems/rubygems/pull/165 for details.
Comment 1 timonbl4@altlinux.org 2011-09-15 18:27:09 MSK 
Сначала нужно протестить сборку, перед тем как отправлять в сизиф..

http://git.altlinux.org/tasks/54732/build/repo/
Comment 2 Igor Zubkov 2013-08-07 14:24:58 MSK 
Давно исправлено.