ports/106287: ruby-1.8.5-p2 released
UEDA Hiroyuki
bsdmad at gmail.com
Mon Dec 4 03:00:26 UTC 2006
>Number: 106287
>Category: ports
>Synopsis: ruby-1.8.5-p2 released
>Confidential: no
>Severity: critical
>Priority: high
>Responsible: freebsd-ports-bugs
>State: open
>Quarter:
>Keywords:
>Date-Required:
>Class: sw-bug
>Submitter-Id: current-users
>Arrival-Date: Mon Dec 04 03:00:24 GMT 2006
>Closed-Date:
>Last-Modified:
>Originator: UEDA Hiroyuki
>Release: 6.2-RC1
>Organization:
>Environment:
FreeBSD fb5-stable.netforest.co.jp 6.2-RC1 FreeBSD 6.2-RC1 #25: Mon Nov 20 14:57:59 JST 2006 root at fb5-stable.netforest.co.jp:/usr/obj/usr/src/sys/STABLE i386
>Description:
Ruby development team has announced that they rleased ruby-1.8.5-p2 because of security vulnerabilities in lib/cgi.rb. You can see the detail with following URL.
http://www.ruby-lang.org/en/news/2006/12/04/another-dos-vulnerability-in-cgi-library
I did sent-pr(http://www.freebsd.org/cgi/query-pr.cgi?pr=ports/105113) and fixed it in current ports, but there is another vulnerability which was not fixed by previous patch.
You can obtain latest tar archive from:
http://ftp.ruby-lang.org/pub/ruby/1.8/ruby-1.8.5-p2.tar.gz
>How-To-Repeat:
>Fix:
For fixing this problem, you need to upgrade 1.8.5-p2.
You can obtain latest release from following URL:
http://ftp.ruby-lang.org/pub/ruby/1.8/ruby-1.8.5-p2.tar.gz
>Release-Note:
>Audit-Trail:
>Unformatted:
More information about the freebsd-ports-bugs
mailing list