PublicDateAtUSN: 2008-06-24
Candidate: CVE-2008-2664
http://preview.ruby-lang.org/en/news/2008/06/20/arbitrary-code-execution-vulnerabilities
https://usn.ubuntu.com/usn/usn-621-1
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2664
The rb_str_format function in Ruby 1.8.4 and earlier, 1.8.5 before
1.8.5-p231, 1.8.6 before 1.8.6-p230, 1.8.7 before 1.8.7-p22, and 1.9.0
before 1.9.0-2 allows context-dependent attackers to trigger memory
corruption via unspecified vectors related to alloca, a different issue
than CVE-2008-2662, CVE-2008-2663, and CVE-2008-2725. NOTE: as of
20080624, there has been inconsistent usage of multiple CVE identifiers
related to Ruby. The CVE description should be regarded as authoritative,
although it is likely to change.
Discovered-by: Drew Yao

upstream_ruby1.8: released (1.8.7.22-1)
dapper_ruby1.8: released (1.8.4-1ubuntu1.5)
feisty_ruby1.8: released (1.8.5-4ubuntu2.2)
gutsy_ruby1.8: released (1.8.6.36-1ubuntu3.2)
hardy_ruby1.8: released (1.8.6.111-2ubuntu1.1)
intrepid_ruby1.8: not-affected (1.8.7.22-1)
jaunty_ruby1.8: not-affected (1.8.7.22-1)
karmic_ruby1.8: not-affected (1.8.7.22-1)
lucid_ruby1.8: not-affected (1.8.7.22-1)
maverick_ruby1.8: not-affected (1.8.7.22-1)
natty_ruby1.8: not-affected (1.8.7.22-1)
oneiric_ruby1.8: not-affected (1.8.7.22-1)
devel_ruby1.8: not-affected (1.8.7.22-1)

upstream_ruby1.9: released (1.9.0.2-1)
dapper_ruby1.9: ignored (reached end-of-life)
feisty_ruby1.9: needed (reached end-of-life)
gutsy_ruby1.9: needed (reached end-of-life)
hardy_ruby1.9: ignored (reached end-of-life)
intrepid_ruby1.9: released (1.9.0.2-1ubuntu1)
jaunty_ruby1.9: released (1.9.0.2-1ubuntu1)
karmic_ruby1.9: released (1.9.0.2-1ubuntu1)
lucid_ruby1.9: released (1.9.0.2-1ubuntu1)
maverick_ruby1.9: DNE (pulled 2010-07-27)
natty_ruby1.9: DNE (pulled 2010-07-27)
oneiric_ruby1.9: DNE (pulled 2010-07-27)
devel_ruby1.9: DNE (pulled 2010-07-27)