From aede5b391193a2493594e4fcd49ffd685fbe41ca Mon Sep 17 00:00:00 2001
From: akr
Date: Fri, 27 May 2011 23:45:12 +0000
Subject: update comment.

git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@31759 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
---
 lib/open-uri.rb | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/lib/open-uri.rb b/lib/open-uri.rb
index c8393fa437..4de5c43462 100644
--- a/lib/open-uri.rb
+++ b/lib/open-uri.rb
@@ -234,7 +234,7 @@ module OpenURI
 def OpenURI.redirectable?(uri1, uri2) # :nodoc:
 # This test is intended to forbid a redirection from http://... to
- # file:///etc/passwd.
+ # file:///etc/passwd, file:///dev/zero, etc. CVE-2011-1521
 # https to http redirect is also forbidden intentionally.
 # It avoids sending secure cookie or referer by non-secure HTTP protocol.
 # (RFC 2109 4.3.1, RFC 2965 3.3, RFC 2616 15.1.3)
--
cgit v1.2.3
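Review bot: The updated comment on the `+` line records the CVE identifier and the /dev/zero example but still leaves the predicate's contract undocumented, and because the method is marked `:nodoc:` this comment block is the only description a maintainer gets; I would add `# Returns true if a redirect from uri1 to uri2 may be followed, false otherwise.` directly under the `def` line, ahead of the motivation text. It is also worth stating in the comment that the guard has to be applied on every hop of a redirect chain, not only on the first response, so that an innocuous-looking intermediate hop cannot launder a final file: (or other non-HTTP) target; the loop that follows redirects is outside this hunk, so I have not confirmed how the predicate is called. The body of redirectable? continues past the end of the hunk, so the actual scheme check being described is not visible here.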