From: =?utf-8?q?Guido_G=C3=BCnther?= <agx@sigxcpu.org>
Date: Thu, 21 Dec 2017 17:02:44 +0100
Subject: CVE-2017-17790: Fixed command injection in
 Resolv::Hosts#lazy_initialize

This is upstream commit

    e7464561b5151501beb356fc750d5dd1a88014f7
---
 lib/resolv.rb | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/lib/resolv.rb b/lib/resolv.rb
index 1e18893..308466f 100644
--- a/lib/resolv.rb
+++ b/lib/resolv.rb
@@ -186,7 +186,7 @@ class Resolv
         unless @initialized
           @name2addr = {}
           @addr2name = {}
-          open(@filename, 'rb') {|f|
+          File.open(@filename, 'rb') {|f|
             f.each {|line|
               line.sub!(/#.*/, '')
               addr, hostname, *aliases = line.split(/\s+/)