Debian Security Advisory DSA 748-1 - A vulnerability has been discovered in ruby 1.8 that could allow arbitrary command execution on a server running the ruby xmlrpc server.
172ca51e27ef5e4f0d94d04b618f60329db5e80a16e79cfe6cb35c316f6ea1fc
Ubuntu Security Notice USN-146-1 - Nobuhiro IMAI discovered that the changed default value of the Module#public_instance_methods() method broke the security protection of XMLRPC server handlers. A remote attacker could exploit this to execute arbitrary commands on an XMLRPC server.
9a01c06f07b7a6790057fbdc7b2db4db082ec300bd7883e13b24bb2ecadad95c