From owner-freebsd-ruby@FreeBSD.ORG Sat Jan 5 20:58:00 2013 Return-Path: Delivered-To: ruby@FreeBSD.org Received: from mx1.freebsd.org (mx1.FreeBSD.org [8.8.178.115]) by hub.freebsd.org (Postfix) with ESMTP id DA64E8E5; Sat, 5 Jan 2013 20:58:00 +0000 (UTC) (envelope-from ohauer@FreeBSD.org) Received: from p578be941.dip0.t-ipconnect.de (p578be941.dip0.t-ipconnect.de [87.139.233.65]) by mx1.freebsd.org (Postfix) with ESMTP id 9D60B2F2; Sat, 5 Jan 2013 20:58:00 +0000 (UTC) Received: from [192.168.0.100] (cde1100.uni.vrs [192.168.0.100]) (Authenticated sender: ohauer) by p578be941.dip0.t-ipconnect.de (Postfix) with ESMTPSA id 9830020911; Sat, 5 Jan 2013 21:57:47 +0100 (CET) Message-ID: <50E89410.7040900@FreeBSD.org> Date: Sat, 05 Jan 2013 21:58:56 +0100 From: Olli Hauer User-Agent: Mozilla/5.0 (Windows NT 5.1; rv:17.0) Gecko/17.0 Thunderbird/17.0 MIME-Version: 1.0 To: ruby@FreeBSD.org Subject: ruby and CVE-2012-5664 X-Enigmail-Version: 1.4.6 Content-Type: text/plain; charset=ISO-8859-15 Content-Transfer-Encoding: 7bit Cc: Steve Wills X-BeenThere: freebsd-ruby@freebsd.org X-Mailman-Version: 2.1.14 Precedence: list List-Id: FreeBSD-specific Ruby discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sat, 05 Jan 2013 20:58:00 -0000 It seems there are new releases for ruby because an security issue CVE-2012-5664 Also it seems some ports may be affected, a quick search for CVE-2012-5664 shows also new releases for puppet (enterprise) and others. https://groups.google.com/group/rubyonrails-security/browse_thread/thread/c2353369fea8c53 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5664 http://www.securityfocus.com/bid/57084 I'm not using ruby at all, so I can only suspect there will be also other ports in the tree affected. -- Regards, olli