From owner-cvs-all@FreeBSD.ORG  Thu Nov 25 17:57:24 2004
Return-Path: <owner-cvs-all@FreeBSD.ORG>
Delivered-To: cvs-all@freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP
	id C6F6E16A4CE; Thu, 25 Nov 2004 17:57:24 +0000 (GMT)
Received: from bast.unixathome.org (bast.unixathome.org [66.11.174.150])
	by mx1.FreeBSD.org (Postfix) with ESMTP
	id 8EC0B43D68; Thu, 25 Nov 2004 17:57:24 +0000 (GMT)
	(envelope-from dan@langille.org)
Received: from wocker (wocker.unixathome.org [192.168.0.99])
	by bast.unixathome.org (Postfix) with ESMTP id 748303D37;
	Thu, 25 Nov 2004 12:57:22 -0500 (EST)
From: "Dan Langille" <dan@langille.org>
To: "Simon L. Nielsen" <simon@FreeBSD.org>
Date: Thu, 25 Nov 2004 12:57:23 -0500
MIME-Version: 1.0
Message-ID: <41A5D6B3.11561.6ACA6DC1@localhost>
Priority: normal
In-reply-to: <200411251525.iAPFPXCc031488@repoman.freebsd.org>
X-mailer: Pegasus Mail for Windows (4.21c)
Content-type: text/plain; charset=US-ASCII
Content-transfer-encoding: 7BIT
Content-description: Mail message body
cc: cvs-ports@FreeBSD.org
cc: cvs-all@FreeBSD.org
cc: ports-committers@FreeBSD.org
Subject: Re: cvs commit: ports/lang/ruby16 Makefile ports/lang/ruby16/files
	patch-cgi.rb ports/lang/ruby18 Makefile ports/lang/ruby18/fi
X-BeenThere: cvs-all@freebsd.org
X-Mailman-Version: 2.1.1
Precedence: list
List-Id: CVS commit messages for the entire tree <cvs-all.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/cvs-all>,
	<mailto:cvs-all-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/cvs-all>
List-Post: <mailto:cvs-all@freebsd.org>
List-Help: <mailto:cvs-all-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/cvs-all>,
	<mailto:cvs-all-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Thu, 25 Nov 2004 17:57:24 -0000

On 25 Nov 2004 at 15:25, Simon L. Nielsen wrote:

> simon       2004-11-25 15:25:33 UTC
> 
>   FreeBSD ports repository (doc committer)
> 
>   Modified files:
>     lang/ruby16          Makefile 
>     lang/ruby18          Makefile 
>   Added files:
>     lang/ruby16/files    patch-cgi.rb 
>     lang/ruby18/files    patch-cgi.rb 
>   Log:
>   Fix DoS in the Ruby CGI module.
>   
>   Obtained from:  ruby CVS
>   Reviewed by:    trhodes
>   OK'ed by:       maintainer silence
>   With hat:       secteam
>   
>   Revision  Changes    Path
>   1.109     +1 -0      ports/lang/ruby16/Makefile
>   1.1       +30 -0     ports/lang/ruby16/files/patch-cgi.rb (new)
>   1.78      +1 -1      ports/lang/ruby18/Makefile
>   1.1       +27 -0     ports/lang/ruby18/files/patch-cgi.rb (new)

Thank you for the upgrade.

The build process seems to think that the latest and greatest is also 
vulnerable:

[dan@polo:/usr/ports/lang/ruby18] $ sudo make install
 ===> ruby-1.8.2.p2_2 has known vulnerabilities:
 >> ruby -- CGI DoS.
 Reference: <http://www.FreeBSD.org/ports/portaudit/d656296b-33ff-
11d9-a9e7-0001020eed82.html>

Yet, that url claims that ruby-1.8.2.p2_2 is not vulnernable.

They can't both be right!  ;)
-- 
Dan Langille : http://www.langille.org/
BSDCan - The Technical BSD Conference - http://www.bsdcan.org/