This is an old revision of the document!
Slackwarearm-14.0 ChangeLog (2013-06-28)
Fri Jun 28 08:01:09 UTC 2013
Packages
Upgraded
- patches/packages/ruby-1.9.3_p448-arm-1_slack14.0.tgz
This update patches a vulnerability in Ruby's SSL client that could allow
man-in-the-middle attackers to spoof SSL servers via a valid certificate
issued by a trusted certification authority.
For more information, see:
http://www.ruby-lang.org/en/news/2013/06/27/hostname-check-bypassing-vulnerability-in-openssl-client-cve-2013-4073/
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4073
(* Security fix *)