Date: Mon, 13 Nov 2006 17:11:20 +0100 From: Karol Kwiatkowski <freebsd@orchid.homeunix.org> To: Jeff Dickens <jeff@seamanpaper.com> Cc: freebsd-questions@freebsd.org Subject: Re: ruby Vulnerability / portupgrade Message-ID: <45589928.7070601@orchid.homeunix.org> In-Reply-To: <455890AB.1000807@seamanpaper.com> References: <455890AB.1000807@seamanpaper.com>
next in thread | previous in thread | raw e-mail | index | archive | help
[-- Attachment #1 --] Hi Jeff, On 13/11/2006 16:35, Jeff Dickens wrote: > Regarding the following vulnerabilities as detected by portaudit: > > Affected package: ruby-1.8.4_4,1 > Type of problem: ruby -- cgi.rb library Denial of Service. > Reference: > > <http://www.FreeBSD.org/ports/portaudit/ab8dbe98-6be4-11db-ae91-0012f06707f0.html>; From the link: % Affects: % * ruby >=1.8.* <1.8.5_4,1 % * ruby_static >=1.8.* <1.8.5_4,1 The latest version of ruby in ports is 1.8.5_4,1 which is not affected[1]. > Affected package: ruby-1.8.4_4,1 > Type of problem: ruby - multiple vulnerabilities. > Reference: > > <http://www.FreeBSD.org/ports/portaudit/76562594-1f19-11db-b7d4-0008743bf21a.html>; Hmmm... not sure about this one, but if I'm reading CVE-2006-3694[2] right ruby 1.8.5 is not affected. portaudit is not complaining, too. HTH, Karol [1] http://www.freebsd.org/cgi/getmsg.cgi?fetch=2891067+0+/usr/local/www/db/text/2006/cvs-all/20061105.cvs-all [2] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3694 -- Karol Kwiatkowski <freebsd at orchid dot homeunix dot org> OpenPGP: http://www.orchid.homeunix.org/carlos/gpg/0x06E09309.asc [-- Attachment #2 --] -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.5 (FreeBSD) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFFWJkwezeoPAwGIYsRCCPJAJoDwBmp+hCr0DmVl33k2l2s3pBaGgCfSKxC Zv2w09vJuLjnr+Ox+cqp+Nc= =Pb8S -----END PGP SIGNATURE-----
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?45589928.7070601>