-rw-r--r-- | ChangeLog | 8 | ||||
-rw-r--r-- | eval.c | 3 | ||||
-rw-r--r-- | regex.c | 14 | ||||
-rw-r--r-- | version.h | 4 |
4 files changed, 22 insertions, 7 deletions
@@ -1,3 +1,11 @@
+Tue Oct 30 14:04:04 2001 Yukihiro Matsumoto <[email protected]>
+
+ * eval.c (rb_f_eval): can't modify untainted binding.
+
+Mon Oct 29 16:08:30 2001 Yukihiro Matsumoto <[email protected]>
+
+ * regex.c (re_compile_pattern): should preverve p0 value.
+
 Mon Oct 29 07:57:31 2001 Yukihiro Matsumoto <[email protected]>
 * parse.y (str_extend): shuould allow interpolation of $-x.
@@ -4961,6 +4961,9 @@ rb_f_eval(argc, argv, self)
 if (ruby_safe_level >= 4) {
 Check_Type(src, T_STRING);
+ if (!NIL_P(scope) && !OBJ_TAINTED(scope)) {
+ rb_raise(rb_eSecurityError, "Insecure: can't modify trusted binding");
+ }
 }
 else {
 Check_SafeStr(src);
@@ -1544,11 +1544,15 @@ re_compile_pattern(pattern, size, bufp)
 case 'M':
 case 'C':
 case 'c':
- p0 = --p;
- c = read_special(p, pend, &p0);
- if (c > 255) goto invalid_escape;
- p = p0;
- had_num_literal = 1;
+ {
+ char *pp;
+
+ --p;
+ c = read_special(p, pend, &pp);
+ if (c > 255) goto invalid_escape;
+ p = pp;
+ had_num_literal = 1;
+ }
 break;
 default:
@@ -1,4 +1,4 @@
 #define RUBY_VERSION "1.6.5"
-#define RUBY_RELEASE_DATE "2001-10-29"
+#define RUBY_RELEASE_DATE "2001-10-30"
 #define RUBY_VERSION_CODE 165
-#define RUBY_RELEASE_CODE 20011029
+#define RUBY_RELEASE_CODE 20011030 |
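Review bot: The guard added in the `ruby_safe_level >= 4` branch of rb_f_eval has no comment stating the invariant it enforces, and none of the four changed files is a test for it. I would put `/* at $SAFE >= 4, eval may only target a binding that is itself tainted; an untainted binding belongs to trusted code */` above the `if (!NIL_P(scope) && !OBJ_TAINTED(scope))` line. The check is only as strong as the taint marking of bindings created at that level, which is not visible in this hunk, so a regression test that evals into a trusted binding from level 4 and expects SecurityError would pin the behaviour. rb_f_eval's body starts and ends outside the hunk.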
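Review bot: `pp` is declared without an initializer in the new `case 'c':` block of re_compile_pattern, whereas the removed code set `p0 = --p` before passing its address to read_special(). If read_special() can return without storing through its third argument and the result still passes the `c > 255` test, `p = pp;` copies an indeterminate pointer into the pattern cursor. Replacing `--p;` with `pp = --p;` keeps the old defined starting value at no cost. The enclosing switch starts and ends outside the hunk.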