From: Markus Koschany <apo@debian.org> Date: Sun, 29 Apr 2018 21:11:01 +0200 Subject: CVE-2018-1000074 Bug-Debian: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=895778 Origin: https://github.com/rubygems/rubygems/commit/254e3d0ee873c008c0b74e8b8abcbdab4caa0a6d --- lib/ruby/shared/rubygems/commands/owner_command.rb | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/lib/ruby/shared/rubygems/commands/owner_command.rb b/lib/ruby/shared/rubygems/commands/owner_command.rb index 322bf65..c5416f8 100644 --- a/lib/ruby/shared/rubygems/commands/owner_command.rb +++ b/lib/ruby/shared/rubygems/commands/owner_command.rb @@ -61,7 +61,7 @@ permission to. end with_response response do |resp| - owners = YAML.load resp.body + owners = Gem::SafeYAML.load resp.body say "Owners for gem: #{name}" owners.each do |owner|