tptacek's blog has some good info on this:<p><a href="http://www.matasano.com/log/1070/updates-on-drew-yaos-terrible-ruby-vulnerabilities/" rel="nofollow">http://www.matasano.com/log/1070/updates-on-drew-yaos-terrib...</a>
Both String and Array have integer overflows. If an attacker can control the size of a string or the index to a string or an array, they can control the address in native memory where Ruby will write data.<p>The details of these vulnerabilities are <i>not</i> under wraps; they were fixed in commits labelled with their CVE numbers.
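An added illustration of the bug class described in the comment above (not code from this thread, from Ruby, or from the linked patch): a hypothetical growable array in C, where `vec_t`, `unchecked_bytes`, `checked_bytes` and `vec_store` are assumed names. It shows how an allocation size derived from a caller-supplied index wraps to a tiny value, and the bound check that rejects such an index before any memory is written.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical growable array; a stand-in, not Ruby's own structure. */
typedef struct { long *ptr; size_t len, cap; } vec_t;

/* Unchecked byte count for "grow to hold idx": wraps modulo 2^N. */
size_t unchecked_bytes(size_t idx) { return (idx + 1) * sizeof(long); }

/* Checked byte count: 0 on success, -1 if the request cannot be represented. */
int checked_bytes(size_t idx, size_t *out) {
    if (idx >= SIZE_MAX / sizeof(long)) return -1;
    *out = (idx + 1) * sizeof(long);
    return 0;
}

/* Store val at idx, growing as needed. Returns 0, or -1 leaving v untouched. */
int vec_store(vec_t *v, size_t idx, long val) {
    if (idx >= v->cap) {
        size_t bytes;
        if (checked_bytes(idx, &bytes) != 0) return -1;  /* reject before realloc */
        long *p = realloc(v->ptr, bytes);
        if (p == NULL) return -1;
        /* Zero the newly added slots so no stale heap data is exposed. */
        memset(p + v->cap, 0, bytes - v->cap * sizeof(long));
        v->ptr = p;
        v->cap = idx + 1;
    }
    if (idx >= v->len) v->len = idx + 1;
    v->ptr[idx] = val;
    return 0;
}

int main(void) {
    vec_t v = {0};
    size_t huge = SIZE_MAX / sizeof(long);  /* constructed out-of-range index */
    printf("unchecked request for huge index: %zu bytes\n", unchecked_bytes(huge));
    printf("store at 3:    %d\n", vec_store(&v, 3, 42));
    printf("store at huge: %d\n", vec_store(&v, huge, 42));
    free(v.ptr);
    return 0;
}
```

Without the check, the wrapped byte count would produce an undersized buffer while the subsequent store still used the original index, which is the write-at-a-chosen-address condition the comment describes.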
Here's a fix for etch, since the security team hasn't released an advisory yet:<p><a href="http://dfranke.us/rubyfix.txt" rel="nofollow">http://dfranke.us/rubyfix.txt</a>