Planned maintenance of redmine.ruby-lang.org
Ruby's issue tracker will be down from 2011-02-23 10:00+09:00 to 24:00 for planned maintenance.
Posted by Yugui on 22 Feb 2011
FileUtils is vulnerable to symlink race attacks
A symlink race condition vulnerability was found in FileUtils.remove_entry_secure. The vulnerability allows local users to delete arbitrary files and directories.
Posted by Urabe Shyouhei on 18 Feb 2011
Exception methods can bypass $SAFE
Exception#to_s method can be used to trick $SAFE check, which makes a untrusted codes to modify arbitrary strings.
Posted by Urabe Shyouhei on 18 Feb 2011