Date: Sat, 29 Jul 2006 19:09:05 +0100
From: Shaun Amott <shaun@FreeBSD.org>
To: Remko Lodder <remko@FreeBSD.org>
Cc: Joel Hatton <freebsd@auscert.org.au>, ports@freebsd.org, freebsd-security@freebsd.org, Sergey Matveychuk <sem@FreeBSD.org>
Subject: Re: Ruby vulnerability?
Message-ID: <20060729180904.GA90113@picobyte.net>
In-Reply-To: <44CBA0C8.3080605@FreeBSD.org>
References: <200607280503.k6S53hmW007056@app.auscert.org.au> <20060729163453.GA89895@picobyte.net> <44CB99E4.2080708@FreeBSD.org> <44CBA0C8.3080605@FreeBSD.org>

On Sat, Jul 29, 2006 at 07:54:16PM +0200, Remko Lodder wrote:
>
> Sergey Matveychuk wrote:
> >Shaun Amott wrote:
> >>On Fri, Jul 28, 2006 at 03:03:43PM +1000, Joel Hatton wrote:
> >>>FYI, Red Hat released an advisory today about a vulnerability in Ruby. So
> >>>far it doesn't appear in the VuXML, but am I correct in presuming it will
> >>>soon?
> >>>
> >>I've added it; thanks for the report.
> >>
> >
> >Can we get patches somewhere? I can't find any.
> >
>
> It is said that the patches are available through the CVSweb
> but all the information I could find was in Japanese, which is
> a bit difficult to read for me (read: I do not speak nor read
> Japanese at all).

The CVE report seemed to imply that there was a fix in 1.8.5, which I
assumed had therefore been released. But it seems this isn't the case.

The Ruby folks say they don't publish advisories until there is a fix
ready; and there is no mention of this vulnerability on the website.

--
Shaun Amott [ PGP: 0x6B387A9A ]
Scientia Est Potentia.