Date: Sun, 21 Jun 2015 08:43:33 +0200 From: =?UTF-8?Q?Ing._B=c5=99etislav_Kubesa?= <bretislav.kubesa@gmail.com> To: ruby@FreeBSD.org Cc: ports@FreeBSD.org Subject: FreeBSD Port: ruby20-2.0.0.645,1 - reported as vulnerable while it isn't ? Message-ID: <55865D15.5010608@gmail.com>
next in thread | raw e-mail | index | archive | help
Hi, already for longer time while updating to 2.0.0.645,1 version, I'm getting message that it's vulnerable, but I think it's not the case as vulnerable are ruby20 < 2.0.0.645,1 (but it's not ruby20 <= 2.0.0.645,1). However I'm not sure where to report it for checking, so I hope it's the right place here. Thank you. ---> Upgrading 'ruby-2.0.0.643_1,1' to 'ruby-2.0.0.645,1' (lang/ruby20) ---> Building '/usr/ports/lang/ruby20' ===> Cleaning for ruby-2.0.0.645,1 ===> ruby-2.0.0.645,1 has known vulnerabilities: ruby-2.0.0.645,1 is vulnerable: Ruby -- OpenSSL Hostname Verification Vulnerability CVE: CVE-2015-1855 WWW: http://vuxml.FreeBSD.org/freebsd/d4379f59-3e9b-49eb-933b-61de4d0b0fdb.html Best regards, Bretislav Kubesa
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?55865D15.5010608>