Date: Thu, 25 Nov 2004 12:57:23 -0500
From: "Dan Langille" <dan@langille.org>
To: "Simon L. Nielsen" <simon@FreeBSD.org>
Cc: ports-committers@FreeBSD.org
Subject: Re: cvs commit: ports/lang/ruby16 Makefile ports/lang/ruby16/files patch-cgi.rb ports/lang/ruby18 Makefile ports/lang/ruby18/fi
Message-ID: <41A5D6B3.11561.6ACA6DC1@localhost>
In-Reply-To: <200411251525.iAPFPXCc031488@repoman.freebsd.org>

On 25 Nov 2004 at 15:25, Simon L. Nielsen wrote:

> simon       2004-11-25 15:25:33 UTC
>
>   FreeBSD ports repository (doc committer)
>
>   Modified files:
>     lang/ruby16          Makefile
>     lang/ruby18          Makefile
>   Added files:
>     lang/ruby16/files    patch-cgi.rb
>     lang/ruby18/files    patch-cgi.rb
>   Log:
>   Fix DoS in the Ruby CGI module.
>
>   Obtained from:  ruby CVS
>   Reviewed by:    trhodes
>   OK'ed by:       maintainer silence
>   With hat:       secteam
>
>   Revision  Changes    Path
>   1.109     +1 -0      ports/lang/ruby16/Makefile
>   1.1       +30 -0     ports/lang/ruby16/files/patch-cgi.rb (new)
>   1.78      +1 -1      ports/lang/ruby18/Makefile
>   1.1       +27 -0     ports/lang/ruby18/files/patch-cgi.rb (new)

Thank you for the upgrade. The build process seems to think that the
latest and greatest is also vulnerable:

[dan@polo:/usr/ports/lang/ruby18] $ sudo make install
===>  ruby-1.8.2.p2_2 has known vulnerabilities:
>> ruby -- CGI DoS.
   Reference: <http://www.FreeBSD.org/ports/portaudit/d656296b-33ff-11d9-a9e7-0001020eed82.html>

Yet, that url claims that ruby-1.8.2.p2_2 is not vulnerable. They
can't both be right! ;)

-- 
Dan Langille : http://www.langille.org/
BSDCan - The Technical BSD Conference - http://www.bsdcan.org/