RuPy 2012 coming very soon
RuPy 2012 – the 5th edition Ruby, Python and JavaScript conference for hackers across the two hemispheres. 16-18 November 2012 in Brno, 8-9 December in São José.
Posted by hosiawak on 22 Oct 2012
Unintentional file creation caused by inserting an illegal NUL character (CVE-2012-4522)
A vulnerability was found that file creation routines can create unintended files by strategically inserting NUL(s) in file paths. This vulnerability has been reported as CVE-2012-4522.
Posted by usa on 12 Oct 2012
$SAFE escaping vulnerability about Exception#to_s / NameError#to_s (CVE-2012-4464, CVE-2012-4466)
Vulnerabilities found for Exception#to_s, NameError#to_s, and name_err_mesg_to_s() which is Ruby interpreter-internal API. A malicious user code can bypass $SAFE check by utilizing one of those security holes.
Posted by usa on 12 Oct 2012