From owner-cvs-all@FreeBSD.ORG Thu Nov 25 17:57:24 2004 Return-Path: Delivered-To: cvs-all@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id C6F6E16A4CE; Thu, 25 Nov 2004 17:57:24 +0000 (GMT) Received: from bast.unixathome.org (bast.unixathome.org [66.11.174.150]) by mx1.FreeBSD.org (Postfix) with ESMTP id 8EC0B43D68; Thu, 25 Nov 2004 17:57:24 +0000 (GMT) (envelope-from dan@langille.org) Received: from wocker (wocker.unixathome.org [192.168.0.99]) by bast.unixathome.org (Postfix) with ESMTP id 748303D37; Thu, 25 Nov 2004 12:57:22 -0500 (EST) From: "Dan Langille" To: "Simon L. Nielsen" Date: Thu, 25 Nov 2004 12:57:23 -0500 MIME-Version: 1.0 Message-ID: <41A5D6B3.11561.6ACA6DC1@localhost> Priority: normal In-reply-to: <200411251525.iAPFPXCc031488@repoman.freebsd.org> X-mailer: Pegasus Mail for Windows (4.21c) Content-type: text/plain; charset=US-ASCII Content-transfer-encoding: 7BIT Content-description: Mail message body cc: cvs-ports@FreeBSD.org cc: cvs-all@FreeBSD.org cc: ports-committers@FreeBSD.org Subject: Re: cvs commit: ports/lang/ruby16 Makefile ports/lang/ruby16/files patch-cgi.rb ports/lang/ruby18 Makefile ports/lang/ruby18/fi X-BeenThere: cvs-all@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: CVS commit messages for the entire tree List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 25 Nov 2004 17:57:24 -0000 On 25 Nov 2004 at 15:25, Simon L. Nielsen wrote: > simon 2004-11-25 15:25:33 UTC > > FreeBSD ports repository (doc committer) > > Modified files: > lang/ruby16 Makefile > lang/ruby18 Makefile > Added files: > lang/ruby16/files patch-cgi.rb > lang/ruby18/files patch-cgi.rb > Log: > Fix DoS in the Ruby CGI module. > > Obtained from: ruby CVS > Reviewed by: trhodes > OK'ed by: maintainer silence > With hat: secteam > > Revision Changes Path > 1.109 +1 -0 ports/lang/ruby16/Makefile > 1.1 +30 -0 ports/lang/ruby16/files/patch-cgi.rb (new) > 1.78 +1 -1 ports/lang/ruby18/Makefile > 1.1 +27 -0 ports/lang/ruby18/files/patch-cgi.rb (new) Thank you for the upgrade. The build process seems to think that the latest and greatest is also vulnerable: [dan@polo:/usr/ports/lang/ruby18] $ sudo make install ===> ruby-1.8.2.p2_2 has known vulnerabilities: >> ruby -- CGI DoS. Reference: Yet, that url claims that ruby-1.8.2.p2_2 is not vulnernable. They can't both be right! ;) -- Dan Langille : http://www.langille.org/ BSDCan - The Technical BSD Conference - http://www.bsdcan.org/