There is an unsafe tainted string vulnerability in Fiddle and DL. This issue was
originally reported and fixed with CVE-2009-5147 in DL, but reappeared after DL
was reimplemented using Fiddle and libffi.
And, about DL, CVE-2009-5147 was fixed at Ruby 1.9.1, but not fixed at other
branches, then rubies which bundled DL except Ruby 1.9.1 are still vulnerable.