Hi everyone, apparently the wheezy version of ruby (1.8.7.358-6) got a fix for CVE-2011-4815 but not the squeeze package. Is there a special reason for that? A colleague prepared a back-port patch for the squeeze package. It would be great if this will find it's way into the squeeze package. Also, if someone has a "ready to run" test script handy to check if this patch works properly feel free to do so. cheers niko
Attachment:
randomize_hash_backport.patch.gz
Description: GNU Zip compressed data