A vulnerability was found. It
could allow arbitrary command execution on a server running the ruby xmlrpc
server.
The fixed versions of ruby1.8 package in Debian are 1.8.2-7sarge1 in stable and
1.8.2-8 in unstable. According to the Package Tracking
System the testing
version is still 1.8.2-7 with the vulnerability because ncurses that ruby1.8 depends on has a
release-critical bug. 1.8.2-9 in unstable has not yet entered into
testing. Please be careful, testing users.