The regular expression engine of Ruby, a scripting language, contains a memory leak which can be triggered remotely under certain circumstances, leading to a denial of service condition (CVE-2008-3443). In addition, this security update addresses a regression in the REXML XML parser of the ruby1.8 package; the regression was introduced in DSA-1651-1. For the stable distribution (etch), this problem has been fixed in version 1.8.5-4etch4 of the ruby1.8 package, and version 1.9.0+20060609-1etch4 of the ruby1.9 package. For the unstable distribution (sid), this problem has been fixed in version 1.8.7.72-1 of the ruby1.8 package. The ruby1.9 package will be fixed soon. We recommend that you upgrade your Ruby packages.
The regular expression engine of Ruby, a scripting language, contains a memory leak which can be triggered remotely under certain circumstances, leading to a denial of service condition (CVE-2008-3443).
In addition, this security update addresses a regression in the REXML XML parser of the ruby1.8 package; the regression was introduced in DSA-1651-1.
For the stable distribution (etch), this problem has been fixed in version 1.8.5-4etch4 of the ruby1.8 package, and version 1.9.0+20060609-1etch4 of the ruby1.9 package.
For the unstable distribution (sid), this problem has been fixed in version 1.8.7.72-1 of the ruby1.8 package. The ruby1.9 package will be fixed soon.
We recommend that you upgrade your Ruby packages.
MD5 checksums of the listed files are available in the original advisory.