From: Karol Kwiatkowski
Date: Mon, 13 Nov 2006 17:11:20 +0100
To: Jeff Dickens
Cc: freebsd-questions@freebsd.org
Subject: Re: ruby Vulnerability / portupgrade
Message-ID: <45589928.7070601@orchid.homeunix.org>
In-Reply-To: <455890AB.1000807@seamanpaper.com>

Hi Jeff,

On 13/11/2006 16:35, Jeff Dickens wrote:
> Regarding the following vulnerabilities as detected by portaudit:
>
> Affected package: ruby-1.8.4_4,1
> Type of problem: ruby -- cgi.rb library Denial of Service.
> Reference:
>

From the link:

% Affects:
% * ruby >=1.8.* <1.8.5_4,1
% * ruby_static >=1.8.* <1.8.5_4,1

The latest version of ruby in ports is 1.8.5_4,1 which is not affected[1].

> Affected package: ruby-1.8.4_4,1
> Type of problem: ruby - multiple vulnerabilities.
> Reference:
>

Hmmm... not sure about this one, but if I'm reading CVE-2006-3694[2]
right, ruby 1.8.5 is not affected. portaudit is not complaining, either.

HTH,

Karol

[1] http://www.freebsd.org/cgi/getmsg.cgi?fetch=2891067+0+/usr/local/www/db/text/2006/cvs-all/20061105.cvs-all
[2] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3694

-- 
Karol Kwiatkowski
OpenPGP: http://www.orchid.homeunix.org/carlos/gpg/0x06E09309.asc
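
The range check behind the "Affects" lines quoted in the message, as an added example that is not part of the original e-mail and is not portaudit's own code. It assumes the ports version layout version[_revision][,epoch] with purely numeric dotted versions, compares epoch first, then version, then revision, and treats a '*' component as lower than any number; the names parse, compare and affected are hypothetical.

```python
import re

# Comparison operators as they appear in the advisory's "Affects" lines.
OPS = {"<": lambda c: c < 0, "<=": lambda c: c <= 0, "=": lambda c: c == 0,
       ">=": lambda c: c >= 0, ">": lambda c: c > 0}

# Range quoted in the message above for ruby and ruby_static.
RUBY_RANGE = [(">=", "1.8.*"), ("<", "1.8.5_4,1")]


def parse(version):
    """Split 'version[_revision][,epoch]' into (epoch, components, revision)."""
    m = re.fullmatch(r"([0-9*.]+)(?:_(\d+))?(?:,(\d+))?", version)
    if not m:
        raise ValueError(f"unsupported version string: {version!r}")
    ver, rev, epoch = m.groups()
    # Assumption: a '*' component sorts below every real number.
    parts = tuple(-1 if c == "*" else int(c) for c in ver.split("."))
    return int(epoch or 0), parts, int(rev or 0)


def compare(a, b):
    """Return -1, 0 or 1; epoch outranks version, version outranks revision."""
    ea, va, ra = parse(a)
    eb, vb, rb = parse(b)
    width = max(len(va), len(vb))  # pad so that 1.8 and 1.8.0 compare equal
    ka = (ea, va + (0,) * (width - len(va)), ra)
    kb = (eb, vb + (0,) * (width - len(vb)), rb)
    return (ka > kb) - (ka < kb)


def affected(installed, constraints=RUBY_RANGE):
    """True when the installed version satisfies every bound of the range."""
    return all(OPS[op](compare(installed, bound)) for op, bound in constraints)


if __name__ == "__main__":
    # Constructed sample versions: the reported one, one revision short, the fixed one.
    for v in ("1.8.4_4,1", "1.8.5_3,1", "1.8.5_4,1"):
        print(v, "affected" if affected(v) else "not affected")
```

The revision and epoch suffixes decide the outcome here: 1.8.5_3,1 still falls inside the range, while 1.8.5_4,1 is the first version outside it.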