author: shaun <shaun@FreeBSD.org> 2006-07-30 00:34:04 +0800
committer: shaun <shaun@FreeBSD.org> 2006-07-30 00:34:04 +0800
commit: ba2e4f5e8857cda20b718fdd26903817600f6041
tree: 0634d0e5c5b5d4442ba7fe63ae5b3e144c24e4be /security
parent: 7fa9841d95dce99efe575e1361a589cbeb605572
- Document Ruby vulnerability. [1]
- Fix URL in previous mutt entry while here. Reported by: Joel Hatton via freebsd-ports [1]
Diffstat (limited to 'security')
-rw-r--r-- security/vuxml/vuln.xml 54
1 files changed, 53 insertions, 1 deletions
diff --git a/security/vuxml/vuln.xml b/security/vuxml/vuln.xml
index b9439dcdf242..1c509f09a882 100644
--- a/security/vuxml/vuln.xml
+++ b/security/vuxml/vuln.xml
@@ -34,6 +34,58 @@ Note: Please add new entries to the beginning of this file.
-->
<vuxml xmlns="http://www.vuxml.org/apps/vuxml-1">
+ <vuln vid="76562594-1f19-11db-b7d4-0008743bf21a">
+ <topic>Ruby - Safe Level Security Bypass Vulnerabilities</topic>
+ <affects>
+ <package>
+ <name>ruby</name>
+ <name>ruby_static</name>
+ <range><gt>1.6.*</gt><le>1.6.8.2004.07.28_2</le></range>
+ <range><gt>1.8.*</gt><le>1.8.4_8</le></range>
+ </package>
+ </affects>
+ <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <p>Secunia reports:</p>
+ <blockquote cite="http://secunia.com/advisories/21009/">
+ <p>
+ Two vulnerabilities have been reported in Ruby, which can be
+ exploited by malicious people to bypass certain security
+ restrictions.
+ </p>
+
+ <ol>
+ <li>
+ An error in the handling of the "alias" functionality
+ can be exploited to bypass the safe level protection and
+ replace methods called in the trusted level.
+ </li>
+
+ <li>
+ An error caused due to directory operations not being
+ properly checked can be exploited to bypass the safe
+ level protection and close untainted directory streams.
+ </li>
+ </ol>
+
+ <p>
+ The vulnerabilities have been reported in version 1.8.4 and
+ prior.
+ </p>
+ </blockquote>
+ </body>
+ </description>
+ <references>
+ <cvename>CVE-2006-3694</cvename>
+ <url>http://secunia.com/advisories/21009/</url>
+ <url>http://jvn.jp/jp/JVN%2383768862/index.html</url>
+ <url>http://jvn.jp/jp/JVN%2313947696/index.html</url>
+ </references>
+ <dates>
+ <discovery>2006-07-12</discovery>
+ <entry>2006-07-29</entry>
+ </dates>
+ </vuln>
<vuln vid="dc8c08c7-1e7c-11db-88cf-000c6ec775d9">
<topic>apache -- mod_rewrite buffer overflow vulnerability</topic>
<affects>
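Review bot: The `<topic>` of the new entry does not follow the form used by the entry directly below it: "Ruby - Safe Level Security Bypass Vulnerabilities" has a single hyphen and title case, while the apache entry uses "apache -- mod_rewrite buffer overflow vulnerability". Suggest `<topic>ruby -- safe level security bypass vulnerabilities</topic>` so the file stays consistent for anything that splits topics on " -- ". Separately, both `<range>` upper bounds are inclusive (`<le>1.6.8.2004.07.28_2</le>`, `<le>1.8.4_8</le>`), and this commit only touches vuln.xml, so it is worth confirming that those are the current port revisions and that the fixed ports will be committed with a higher PORTREVISION; otherwise patched installs would still be flagged. The quoted advisory text itself is wrapped in a `<blockquote cite=...>` that matches the first `<url>` reference, which is good.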
@@ -590,7 +642,7 @@ Note: Please add new entries to the beginning of this file.
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>SecurityFocus reports:</p>
- <blockquote cite="http://http://www.securityfocus.com/bid/18642">
+ <blockquote cite="http://www.securityfocus.com/bid/18642">
<p>
Mutt is prone to a remote buffer-overflow vulnerability.
This issue is due to the application's failure to properly
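Review bot: The corrected `cite` attribute on the mutt entry's `<blockquote>` is the only line changed in this entry, so please check whether the same doubled scheme (`http://http://`) also appears in that entry's `<references>` block, which lies outside the visible context; if the URL was pasted in both places, the `<url>` element needs the same fix. Since the change is to a citation only and does not alter the affected ranges, leaving the entry's `<dates>` without a `<modified>` element looks reasonable.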