Ruby vulnerability?

Shaun Amott shaun at
Sat Jul 29 18:09:07 UTC 2006

On Sat, Jul 29, 2006 at 07:54:16PM +0200, Remko Lodder wrote:
> Sergey Matveychuk wrote:
> >Shaun Amott wrote:
> >>On Fri, Jul 28, 2006 at 03:03:43PM +1000, Joel Hatton wrote:
> >>>FYI, Red Hat released an advisory today about a vulnerability in Ruby. So
> >>>far it doesn't appear in the VuXML, but am I correct in presuming it will
> >>>soon?
> >>>
> >>I've added it; thanks for the report.
> >>
> >
> >Can we get patches somewhere? I can't find any.
> >
> It is said that the patches are available through the CVSweb
> but all the information I could find was in Japanese, which is
> a bit difficult to read for me (read: I do not speak nor read
> Japanese at all).

The CVE report seemed to imply that there was a fix in 1.8.5, which I
assumed had therefore been released. But it seems this isn't the case.

The Ruby folks say they don't publish advisories until there is a fix
ready; and there is no mention of this vulnerability on the website.

Shaun Amott [ PGP: 0x6B387A9A ]
    Scientia Est Potentia.

More information about the freebsd-ports mailing list