ruby Vulnerability / portupgrade

Mon Nov 13 15:35:17 UTC 2006

Regarding the following vulnerabilities as detected by portaudit:

    Affected package: ruby-1.8.4_4,1
    Type of problem: ruby -- cgi.rb library Denial of Service.
    Reference:
    <http://www.FreeBSD.org/ports/portaudit/ab8dbe98-6be4-11db-ae91-0012f06707f0.html>

    Affected package: ruby-1.8.4_4,1
    Type of problem: ruby - multiple vulnerabilities.
    Reference:
    <http://www.FreeBSD.org/ports/portaudit/76562594-1f19-11db-b7d4-0008743bf21a.html>

I see that ruby is only required by portupgrade.  Anyone know if there going to be a fix for this vulnerability any time soon? Anyone asked the ruby guys?

    # pkg_info -R ruby-1.8.4_4,1
    Information for ruby-1.8.4_4,1:

    Required by:
    portupgrade-2.0.1_1,1
    ruby18-bdb1-0.2.2

    # pkg_info -R ruby18-bdb1-0.2.2
    Information for ruby18-bdb1-0.2.2:

    Required by:
    portupgrade-2.0.1_1,1