Date: Mon, 13 Nov 2006 10:35:07 -0500 From: Jeff Dickens <jeff@seamanpaper.com> To: freebsd-questions@freebsd.org Subject: ruby Vulnerability / portupgrade Message-ID: <455890AB.1000807@seamanpaper.com>
next in thread | raw e-mail | index | archive | help
Regarding the following vulnerabilities as detected by portaudit: Affected package: ruby-1.8.4_4,1 Type of problem: ruby -- cgi.rb library Denial of Service. Reference: <http://www.FreeBSD.org/ports/portaudit/ab8dbe98-6be4-11db-ae91-0012f06707f0.html> Affected package: ruby-1.8.4_4,1 Type of problem: ruby - multiple vulnerabilities. Reference: <http://www.FreeBSD.org/ports/portaudit/76562594-1f19-11db-b7d4-0008743bf21a.html> I see that ruby is only required by portupgrade. Anyone know if there going to be a fix for this vulnerability any time soon? Anyone asked the ruby guys? # pkg_info -R ruby-1.8.4_4,1 Information for ruby-1.8.4_4,1: Required by: portupgrade-2.0.1_1,1 ruby18-bdb1-0.2.2 # pkg_info -R ruby18-bdb1-0.2.2 Information for ruby18-bdb1-0.2.2: Required by: portupgrade-2.0.1_1,1
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?455890AB.1000807>