OSV:DSA-1412-1 (Google OSV)
Published: Nov 24, 2007 - 12:00 a.m.

ruby1.9 - possible man-in-the-middle attacks

Source: Google (osv.dev)

CVSS2: 5 Medium (AV:N/AC:L/Au:N/C:N/I:P/A:N)

  Access Vector:          NETWORK
  Access Complexity:      LOW
  Authentication:         NONE
  Confidentiality Impact: NONE
  Integrity Impact:       PARTIAL
  Availability Impact:    NONE

Several vulnerabilities have been discovered in Ruby, an object-oriented
scripting language. The Common Vulnerabilities and Exposures project
identifies the following problems:

  • CVE-2007-5162
    It was discovered that the Ruby HTTP(S) module performs insufficient
    validation of SSL certificates, which may lead to man-in-the-middle
    attacks.
  • CVE-2007-5770
    It was discovered that the Ruby modules for FTP, Telnet, IMAP, POP
    and SMTP perform insufficient validation of SSL certificates, which
    may lead to man-in-the-middle attacks.

The old stable distribution (sarge) doesn’t contain ruby1.9 packages.

For the stable distribution (etch) these problems have been fixed in
version 1.9.0+20060609-1etch1. Updated packages for hppa and sparc will
be provided later.

We recommend that you upgrade your ruby1.9 packages.
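
The advisory does not say which certificate check was missing. As an added example (not part of the advisory and not Ruby project code), the sketch below shows two checks a Ruby TLS client needs: the chain must be trusted, and the certificate must name the requested host. The helper names and the `example.test` hosts are hypothetical, and the certificate is constructed test data.

```ruby
require "net/http"
require "openssl"

# Constructed test data: a self-signed certificate naming one DNS host.
def make_cert(dns_name)
  key  = OpenSSL::PKey::RSA.new(2048)
  name = OpenSSL::X509::Name.parse("/CN=#{dns_name}")
  cert = OpenSSL::X509::Certificate.new
  cert.version    = 2                       # X.509 v3
  cert.serial     = 1
  cert.subject    = name
  cert.issuer     = name
  cert.public_key = key.public_key
  cert.not_before = Time.now - 60
  cert.not_after  = Time.now + 3600
  san = OpenSSL::X509::ExtensionFactory.new
          .create_extension("subjectAltName", "DNS:#{dns_name}")
  cert.add_extension(san)
  cert.sign(key, OpenSSL::Digest.new("SHA256"))
  cert
end

# Check 1: does the certificate chain to something in the trust store?
def chain_trusted?(cert, store)
  store.verify(cert)
end

# Check 2: does the certificate actually name the host we asked for?
def peer_acceptable?(cert, store, hostname)
  chain_trusted?(cert, store) &&
    OpenSSL::SSL.verify_certificate_identity(cert, hostname)
end

# Net::HTTP client with certificate verification switched on explicitly.
def verified_http(host, port = 443)
  http = Net::HTTP.new(host, port)
  http.use_ssl     = true
  http.verify_mode = OpenSSL::SSL::VERIFY_PEER
  http
end

if __FILE__ == $PROGRAM_NAME
  cert  = make_cert("www.example.test")
  store = OpenSSL::X509::Store.new
  store.add_cert(cert)
  puts chain_trusted?(cert, store)
  puts peer_acceptable?(cert, store, "www.example.test")
  puts peer_acceptable?(cert, store, "login.example.test")
end
```

A certificate that passes the chain check alone is still rejected by `peer_acceptable?` when it was issued for a different host name.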

CPE Name    Operator    Version
ruby1.9     eq          1.9.0+20060609-1
