ruby-1.8.7.371,1 is vulnerable ?
Anton Shterenlikht
mexas at bristol.ac.uk
Fri Feb 22 10:12:40 UTC 2013
On 19-FEB I saw in the daily logs:
Checking for packages with security vulnerabilities:
Database fetched: Mon Feb 18 03:02:54 GMT 2013
ruby-1.8.7.371,1 is vulnerable:
Ruby -- XSS exploit of RDoc documentation generated by rdoc
WWW: http://portaudit.FreeBSD.org/d3e96508-056b-4259-88ad-50dc8d1978a6.html
ruby-1.8.7.371,1 is vulnerable:
Ruby -- Denial of Service and Unsafe Object Creation Vulnerability in JSON
WWW: http://portaudit.FreeBSD.org/c79eb109-a754-45d7-b552-a42099eb2265.html
But there is nothing in UPDATING, and now this
warning has gone, while the port has not been updated:
$ pkg version -vX ruby
ruby-1.8.7.371,1 = up-to-date with port
So is this port vulnerable or not?
If yet, should I switch to lang/ruby19?
If not, was this some false positive,
corrected later?
Thanks
Anton
More information about the freebsd-ports
mailing list