type: security subject: Updated ruby packages fix CVE-2013-4073 CVE: - CVE-2013-4073 src: 2: core: - ruby-1.8.7.p358-1.3.mga2 3: core: - ruby-1.9.3.p448-1.mga3 - ruby-linecache19-0.5.13-5.1.mga3 - ruby-ruby-debug-base19-0.11.26-5.1.mga3 description: | A vulnerability in Ruby's SSL client that could allow man-in-the-middle attackers to spoof SSL servers via valid certificate issued by a trusted certification authority (CVE-2013-4073). references: - http://www.ruby-lang.org/en/news/2013/06/27/hostname-check-bypassing-vulnerability-in-openssl-client-cve-2013-4073/ - http://www.ubuntu.com/usn/usn-1902-1/ - https://bugs.mageia.org/show_bug.cgi?id=10637 ID: MGASA-2013-0229