cvs commit: ports/lang/ruby16 Makefile ports/lang/ruby16/files
patch-cgi.rb ports/lang/ruby18 Makefile ports/lang/ruby18/fi
Dan Langille
dan at langille.org
Thu Nov 25 10:09:14 PST 2004
On 25 Nov 2004 at 19:06, Mathieu Arnold wrote:
> +-On 25/11/2004 12:57 -0500, Dan Langille said:
> | On 25 Nov 2004 at 15:25, Simon L. Nielsen wrote:
> |
> |> simon 2004-11-25 15:25:33 UTC
> |>
> |> FreeBSD ports repository (doc committer)
> |>
> |> Modified files:
> |> lang/ruby16 Makefile
> |> lang/ruby18 Makefile
> |> Added files:
> |> lang/ruby16/files patch-cgi.rb
> |> lang/ruby18/files patch-cgi.rb
> |> Log:
> |> Fix DoS in the Ruby CGI module.
> |>
> |> Obtained from: ruby CVS
> |> Reviewed by: trhodes
> |> OK'ed by: maintainer silence
> |> With hat: secteam
> |>
> |> Revision Changes Path
> |> 1.109 +1 -0 ports/lang/ruby16/Makefile
> |> 1.1 +30 -0 ports/lang/ruby16/files/patch-cgi.rb (new)
> |> 1.78 +1 -1 ports/lang/ruby18/Makefile
> |> 1.1 +27 -0 ports/lang/ruby18/files/patch-cgi.rb (new)
> |
> | Thank you for the upgrade.
> |
> | The build process seems to think that the latest and greatest is also
> | vulnerable:
> |
> | [dan at polo:/usr/ports/lang/ruby18] $ sudo make install
> | ===> ruby-1.8.2.p2_2 has known vulnerabilities:
> | >> ruby -- CGI DoS.
> | Reference: <http://www.FreeBSD.org/ports/portaudit/d656296b-33ff-11d9-a9e7-0001020eed82.html>
> |
> | Yet, that URL claims that ruby-1.8.2.p2_2 is not vulnerable.
> |
> | They can't both be right! ;)
>
> I think you should run portaudit -F
That seems to have fixed things...
Should the build process mention that? Or should I just know it?
--
Dan Langille : http://www.langille.org/
BSDCan - The Technical BSD Conference - http://www.bsdcan.org/