From: Jeff Dickens
Organization: Seaman Paper Company
To: freebsd-questions@freebsd.org
Date: Mon, 13 Nov 2006 10:35:07 -0500
Message-ID: <455890AB.1000807@seamanpaper.com>
Subject: ruby Vulnerability / portupgrade

Regarding the following vulnerabilities as detected by portaudit:

Affected package: ruby-1.8.4_4,1
Type of problem: ruby -- cgi.rb library Denial of Service.
Reference:

Affected package: ruby-1.8.4_4,1
Type of problem: ruby - multiple vulnerabilities.
Reference:

I see that ruby is only required by portupgrade. Anyone know if there is going to be a fix for this vulnerability any time soon? Anyone asked the ruby guys?

# pkg_info -R ruby-1.8.4_4,1
Information for ruby-1.8.4_4,1:

Required by:
portupgrade-2.0.1_1,1
ruby18-bdb1-0.2.2

# pkg_info -R ruby18-bdb1-0.2.2
Information for ruby18-bdb1-0.2.2:

Required by:
portupgrade-2.0.1_1,1