Bug#500461: libtidy-ruby1.8: SecurityError raised by Tidy.open on ruby1.8 1.8.7.72-1
Package: libtidy-ruby1.8
Version: 1.1.2-3
Severity: grave
Justification: renders package unusable
Tags: upstream, help
As reported on ruby-talk ML[0], any attempt to initialize Tidy object
fails with the following exception:
SecurityError: Insecure operation - call
Backtrace:
(eval):5:in `call'
(eval):5:in `tidySetErrorBuffer'
/usr/lib/ruby/1.8/tidy/tidylib.rb:102:in `set_error_buffer'
/usr/lib/ruby/1.8/tidy/tidyobj.rb:31:in `initialize'
/usr/lib/ruby/1.8/tidy.rb:36:in `new'
/usr/lib/ruby/1.8/tidy.rb:36:in `new'
/usr/lib/ruby/1.8/tidy.rb:56:in `open'
This started with ruby1.8 1.8.7.72-1 which includes a security fix for
the DL library[1].
[0] http://blade.nagaokaut.ac.jp/cgi-bin/scat.rb/ruby/ruby-talk/315497
[1] http://svn.ruby-lang.org/cgi-bin/viewvc.cgi?view=rev&revision=17872
-- System Information:
Debian Release: lenny/sid
APT prefers unstable
APT policy: (990, 'unstable'), (70, 'testing'), (50, 'stable'), (1, 'experimental')
Architecture: i386 (i686)
Kernel: Linux 2.6.26-1-686 (SMP w/1 CPU core)
Locale: LANG=be_BY.UTF-8, LC_CTYPE=be_BY.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/bash
Versions of packages libtidy-ruby1.8 depends on:
ii libruby1.8 1.8.7.72-1 Libraries necessary to run Ruby 1.
ii libtidy-0.99-0 20080116cvs-2 HTML syntax checker and reformatte
libtidy-ruby1.8 recommends no packages.
libtidy-ruby1.8 suggests no packages.
-- no debconf information
Reply to: