ruby Vulnerability / portupgrade

Karol Kwiatkowski freebsd at orchid.homeunix.org
Mon Nov 13 16:19:06 UTC 2006


Hi Jeff,

On 13/11/2006 16:35, Jeff Dickens wrote:
> Regarding the following vulnerabilities as detected by portaudit:
> 
>    Affected package: ruby-1.8.4_4,1
>    Type of problem: ruby -- cgi.rb library Denial of Service.
>    Reference:
>   
> <http://www.FreeBSD.org/ports/portaudit/ab8dbe98-6be4-11db-ae91-0012f06707f0.html>

From the link:

% Affects:
%     *  ruby >=1.8.* <1.8.5_4,1
%     *  ruby_static >=1.8.* <1.8.5_4,1

The latest version of ruby in ports is 1.8.5_4,1 which is not affected[1].


>    Affected package: ruby-1.8.4_4,1
>    Type of problem: ruby - multiple vulnerabilities.
>    Reference:
>   
> <http://www.FreeBSD.org/ports/portaudit/76562594-1f19-11db-b7d4-0008743bf21a.html>

Hmmm... not sure about this one, but if I'm reading CVE-2006-3694[2]
right, ruby 1.8.5 is not affected. portaudit is not complaining, either.

HTH,

Karol

[1] http://www.freebsd.org/cgi/getmsg.cgi?fetch=2891067+0+/usr/local/www/db/text/2006/cvs-all/20061105.cvs-all
[2] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3694

-- 
Karol Kwiatkowski  <freebsd at orchid dot homeunix dot org>
OpenPGP: http://www.orchid.homeunix.org/carlos/gpg/0x06E09309.asc
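
The range check behind the "Affects" lines quoted in this reply, as an added example that is not part of the original message and is not portaudit's own code: a simplified Python comparison of FreeBSD package versions limited to dotted numbers with an optional `_revision` and `,epoch`. Treating `*` as sorting below any number is an assumption, and all function names are hypothetical.

```python
import re
from itertools import zip_longest

def parse_version(v):
    """Split 'version[_revision][,epoch]' into (epoch, components, revision)."""
    v, _, epoch = v.partition(",")
    v, _, rev = v.partition("_")
    # Assumption: '*' sorts below every number, so '>=1.8.*' admits all 1.8.x.
    comps = [-1 if c == "*" else int(c) for c in v.split(".")]
    return int(epoch or 0), comps, int(rev or 0)

def compare(a, b):
    """Return -1, 0 or 1; epoch outranks version, version outranks revision."""
    ea, ca, ra = parse_version(a)
    eb, cb, rb = parse_version(b)
    # Missing components count as 0, so '1.8' compares like '1.8.0'.
    padded = list(zip_longest(ca, cb, fillvalue=0))
    ka = (ea, [x for x, _ in padded], ra)
    kb = (eb, [y for _, y in padded], rb)
    return (ka > kb) - (ka < kb)

OPS = {
    ">=": lambda c: c >= 0, ">": lambda c: c > 0,
    "<=": lambda c: c <= 0, "<": lambda c: c < 0, "=": lambda c: c == 0,
}

def is_affected(package, affects_line):
    """package: 'ruby-1.8.4_4,1'; affects_line: 'ruby >=1.8.* <1.8.5_4,1'."""
    name, _, version = package.rpartition("-")
    target, *conditions = affects_line.split()
    if name != target:
        return False
    for cond in conditions:
        op, bound = re.fullmatch(r"(>=|<=|>|<|=)(.+)", cond).groups()
        if not OPS[op](compare(version, bound)):
            return False
    return True

# The two "Affects" entries quoted in the message above.
AFFECTS = ["ruby >=1.8.* <1.8.5_4,1", "ruby_static >=1.8.* <1.8.5_4,1"]

if __name__ == "__main__":
    for pkg in ("ruby-1.8.4_4,1", "ruby-1.8.5_4,1"):
        hit = any(is_affected(pkg, line) for line in AFFECTS)
        print(pkg, "affected" if hit else "not affected")
```

The comparison is strict at the upper bound, which is why 1.8.5_4,1 itself falls outside the range while any lower port revision of 1.8.5 would still match.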
