Ruby vulnerability?

植田 裕之 ueda at
Sun Jul 30 03:13:25 UTC 2006

Dear Sirs,

> CVE report is very unpleasant: "Multiple unspecified vulnerabilities".
> Secunia has more professional report.
> RedHat is only vendor who released updates, but they are binary. So,
> there is no known fix now.

Following information maybe help you:

But matz(ruby creator) has not mentioned about this yet. And he has said
that he has no will to release patch for the vulnerabilites.

The message is in Japanese and the content is as follows.

	At present, a patch for these vulnerabilites is not ready
	because the problems occur only with $SAFE=4. So the
	vulnerabilities will be serious only when alll the following
	conditions are satisfied.

		* You use $SAFE=4 sandbox
		* You run untrusted codes

> I hope ruby team will release 1.8.5 ASAP.

On 18th July, ruby 1.8.5 preview2 was released and release date of 1.8.5
will be near middle of August if they works on schedule.

Best regards.

UEDA Hiroyuki <ueda at>

More information about the freebsd-ports mailing list