Debian Security Advisory DSA 1410-1 (ruby1.8)

The remote host is missing an update to ruby1.8 announced via advisory DSA 1410-1.

Several vulnerabilities have been discovered in Ruby, an object-oriented scripting language. The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2007-5162 It was discovered that the Ruby HTTP(S) module performs insufficient validation of SSL certificates, which may lead to man-in-the-middle attacks. CVE-2007-5770 It was discovered that the Ruby modules for FTP, Telnet, IMAP, POP and SMTP perform insufficient validation of SSL certificates, which may lead to man-in-the-middle attacks. For the stable distribution (etch), these problems have been fixed in version 1.8.5-4etch1. Packages for sparc will be provided later. For the old stable distribution (sarge), these problems have been fixed in version 1.8.2-7sarge6. Packages for sparc will be provided later. We recommend that you upgrade your ruby1.8 packages.

https://secure1.securityspace.com/smysecure/catid.html?in=DSA%201410-1