Ruby vulnerability?
Shaun Amott
shaun at FreeBSD.org
Sat Jul 29 18:09:07 UTC 2006
On Sat, Jul 29, 2006 at 07:54:16PM +0200, Remko Lodder wrote:
>
> Sergey Matveychuk wrote:
> >Shaun Amott wrote:
> >>On Fri, Jul 28, 2006 at 03:03:43PM +1000, Joel Hatton wrote:
> >>>FYI, Red Hat released an advisory today about a vulnerability in Ruby. So
> >>>far it doesn't appear in the VuXML, but am I correct in presuming it will
> >>>soon?
> >>>
> >>I've added it; thanks for the report.
> >>
> >
> >Can we get patches somewhere? I can't find any.
> >
>
> It is said that the patches are available through the CVSweb
> but all the information I could fine was in japanese, which is
> a bit difficult to read for me (read: i do not speak nor read
> japanese at all).
The CVE report seemed to imply that there was a fix in 1.8.5, which I
assumed had therefore been released. But it seems this isn't the case.
The Ruby folks say they don't publish advisories until there is a fix
ready; and there is no mention of this vulnerability on the website.
--
Shaun Amott [ PGP: 0x6B387A9A ]
Scientia Est Potentia.
More information about the freebsd-ports
mailing list