Date: Mon, 07 Jan 2013 02:12:30 +0000
From: Steve Wills <swills@FreeBSD.org>
To: Olli Hauer <ohauer@FreeBSD.org>
Cc: ruby@FreeBSD.org
Subject: Re: ruby and CVE-2012-5664
Message-ID: <50EA2F0E.1050006@FreeBSD.org>
In-Reply-To: <50E89410.7040900@FreeBSD.org>
References: <50E89410.7040900@FreeBSD.org>

On 01/05/13 20:58, Olli Hauer wrote:
> It seems there are new releases for ruby because of a security issue CVE-2012-5664
>
> Also it seems some ports may be affected, a quick search for CVE-2012-5664 shows also new releases for puppet (enterprise) and others.
>
> https://groups.google.com/group/rubyonrails-security/browse_thread/thread/c2353369fea8c53
> http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5664
> http://www.securityfocus.com/bid/57084
>
> I'm not using ruby at all, so I can only suspect there will be also other ports in the tree affected.
>

The issue is in Ruby On Rails, not Ruby itself. There's an update to Ruby 1.9, but it's not a security issue. I'll see what I can do about the Rails update first, then the rest later.

Steve
