ruby and CVE-2012-5664
Steve Wills
swills at FreeBSD.org
Mon Jan 7 02:12:43 UTC 2013
On 01/05/13 20:58, Olli Hauer wrote:
> It seems there are new releases for ruby because an security issue CVE-2012-5664
>
> Also it seems some ports may be affected, a quick search for CVE-2012-5664 shows also new releases for puppet (enterprise) and others.
>
> https://groups.google.com/group/rubyonrails-security/browse_thread/thread/c2353369fea8c53
> http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5664
> http://www.securityfocus.com/bid/57084
>
> I'm not using ruby at all, so I can only suspect there will be also other ports in the tree affected.
>
The issue is in Ruby On Rails, not Ruby itself. There's an update to
Ruby 1.9, but it's not a security issue. I'll see what I can do about
the Rails update first, then the rest later.
Steve
More information about the freebsd-ruby
mailing list