Bugzilla – Bug 937962
VUL-0: CVE-2014-6438: ruby: Regular expression denial-of-service vulnerability in form component processing
Last modified: 2017-09-12 12:56:33 UTC
Soon after announcing the End of Life for 1.9.2 (and 1.8.7), a critical security regression was found in 1.9.2. This bug occurs when parsing a long string using the URI method decode_www_form_component. This can be reproduced by running the following on vulnerable Rubies:

ruby -v -ruri -e'URI.decode_www_form_component "A string that causes catastrophic backtracking as it gets longer %"'

Since it was found and patched just before the release of 1.9.3, versions of Ruby 1.9.3-p0 and later are not affected; however, versions of Ruby 1.9.2 older than 1.9.2-p330 are affected.

You can read the original report on the bug tracker:
https://bugs.ruby-lang.org/issues/5149#note-4

Discussion about retroactive CVE assignment:
http://seclists.org/oss-sec/2015/q3/98
https://github.com/ruby/www.ruby-lang.org/issues/817

Commits:
https://github.com/ruby/ruby/commit/5082e91876502a2f3dde862406a0efe9f85afcdb
https://github.com/ruby/ruby/commit/7b9354af8805c02ed968765abe300162e0fcc943

commit 7b9354af8805c02ed968765abe300162e0fcc943
Author: hone <hone@b2dd03c8-39d4-4d8f-98ff-823fe69b080e>
Date:   Thu Aug 7 04:59:56 2014 +0000

    Fix r32622.

    git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/branches/ruby_1_9_2@47093 b2dd03c8-39d4-4d8f-98ff-823fe69b080e

commit 5082e91876502a2f3dde862406a0efe9f85afcdb
Author: hone <hone@b2dd03c8-39d4-4d8f-98ff-823fe69b080e>
Date:   Thu Aug 7 04:59:52 2014 +0000

    merge revision(s) 32622:

    * lib/uri/generic.rb (WFKV_): unroll the loop of regexp.
    * lib/uri/generic.rb (URI.decode_www_form_component): ditto.

    Conflicts:
        ChangeLog
        lib/uri/common.rb

    git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/branches/ruby_1_9_2@47092 b2dd03c8-39d4-4d8f-98ff-823fe69b080e

References:
https://bugs.ruby-lang.org/issues/5149#note-4
https://github.com/ruby/www.ruby-lang.org/issues/817
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-6438
http://seclists.org/oss-sec/2015/q3/98
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6438
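The "unroll the loop" fix named in the commit message above, as an added Ruby example that is not code from the Ruby project: it assumes the pre-fix validator had the nested-quantifier shape (?:%\h\h|[^%]+)*, places the linear-time pattern beside it, and builds a decoder on the safe one (the names NESTED_QUANTIFIER, UNROLLED, TBLDECWWWCOMP and safe_decode_www_form_component are this example's own).

```ruby
# Added example, not the Ruby project's code. Assumption: the pre-fix check in
# URI.decode_www_form_component was an anchored pattern of the shape
# (?:%\h\h|[^%]+)*. Inside a starred group, the branch [^%]+ can split a run of
# ordinary bytes in exponentially many ways, so a trailing "%" that can never
# match forces the engine to try all of them before it reports failure.
NESTED_QUANTIFIER = /\A(?:%\h\h|[^%]+)*\z/

# "Unrolled" form: the leading [^%]* consumes ordinary bytes once, and every
# later iteration must begin with a literal %-escape, so each byte is matched
# exactly one way and rejecting a malformed string costs linear time.
UNROLLED = /\A[^%]*(?:%\h\h[^%]*)*\z/

# Decode table: "+" becomes a space, "%XX" (either case) becomes the byte XX.
TBLDECWWWCOMP = { '+' => ' ' }
256.times do |i|
  TBLDECWWWCOMP['%%%02X' % i] = TBLDECWWWCOMP['%%%02x' % i] = [i].pack('C')
end

# Hardened decoder: validate with the linear-time pattern, then substitute.
# Raises ArgumentError on a bare or truncated %-escape, as the original does.
def safe_decode_www_form_component(str, enc = Encoding::UTF_8)
  raise ArgumentError, "invalid %-encoding (#{str})" unless UNROLLED =~ str
  str.b.gsub(/\+|%\h\h/, TBLDECWWWCOMP).force_encoding(enc)
end

# Both patterns accept and reject exactly the same strings; only the cost
# differs. Keep this to short inputs: the nested form is exponential in length.
def same_verdict?(str)
  (NESTED_QUANTIFIER =~ str).nil? == (UNROLLED =~ str).nil?
end

if __FILE__ == $PROGRAM_NAME
  puts safe_decode_www_form_component("a+b%20c%2Fd")      # => a b c/d
  puts %w[ok%41 ok%4 ok% %% a+b].all? { |s| same_verdict?(s) }  # => true
end
```

The page's own reproduction string, which hangs the nested pattern as it grows, is rejected by safe_decode_www_form_component immediately because the unrolled pattern fails on the trailing "%" without backtracking.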
SLE 11: Maintained ruby 1.8.x packages not affected, code does not exist. SLE 12: Does not affect ruby 2.1. Closing.