Hello all.
CVE-2012-4466 was reported against 1.8.7. This is about $SAFE escaping, so
if you (or your using library) are a user of that feature, you are advised
to upgrade your 1.8.7 to the following one:
ftp://ftp.ruby-lang.org/pub/ruby/1.8/ruby-1.8.7-p371.tar.gz
ftp://ftp.ruby-lang.org/pub/ruby/1.8/ruby-1.8.7-p371.tar.bz2
ftp://ftp.ruby-lang.org/pub/ruby/1.8/ruby-1.8.7-p371.zip
Checksums:
MD5(ruby-1.8.7-p371.tar.gz)= 653f07bb45f03d0bf3910491288764df
SHA256(ruby-1.8.7-p371.tar.gz)= e60a322f8f2a616eba01651f5ab620e7e48e4f8adfe711aec61cc74a91d54d3c
SIZE(ruby-1.8.7-p371.tar.gz)= 4902800
MD5(ruby-1.8.7-p371.tar.bz2)= c27526b298659a186bdb5107fcec2341
SHA256(ruby-1.8.7-p371.tar.bz2)= 2dd0e463cd82039beb75c9b9f4ee20bef5f5b5ff68527008e5aee61cfb3b55e1
SIZE(ruby-1.8.7-p371.tar.bz2)= 4248262
MD5(ruby-1.8.7-p371.zip)= a1eec1c6611f2256be492b3002192cb4
SHA256(ruby-1.8.7-p371.zip)= d308ecc20619096276545a3eefee02873b883507e69d74bdefc5f8de47e1e3c2
SIZE(ruby-1.8.7-p371.zip)= 5999510
Thank you. I think details about this CVE would also come shortly.