Subject: FreeBSD Port: ruby20-2.0.0.645,1 - reported as vulnerable while it isn't ?
To: ruby@FreeBSD.org
Cc: ports@FreeBSD.org
From: Ing. Břetislav Kubesa
Message-ID: <55865D15.5010608@gmail.com>
Date: Sun, 21 Jun 2015 08:43:33 +0200

Hi,

for some time now, while updating to version 2.0.0.645,1, I have been getting a message that it's vulnerable, but I think that's not the case, as the vulnerable versions are ruby20 < 2.0.0.645,1 (and not ruby20 <= 2.0.0.645,1).
However, I'm not sure where to report it for checking, so I hope this is the right place.

Thank you.

---> Upgrading 'ruby-2.0.0.643_1,1' to 'ruby-2.0.0.645,1' (lang/ruby20)
---> Building '/usr/ports/lang/ruby20'
===> Cleaning for ruby-2.0.0.645,1
===> ruby-2.0.0.645,1 has known vulnerabilities:
ruby-2.0.0.645,1 is vulnerable:
Ruby -- OpenSSL Hostname Verification Vulnerability
CVE: CVE-2015-1855
WWW: http://vuxml.FreeBSD.org/freebsd/d4379f59-3e9b-49eb-933b-61de4d0b0fdb.html

Best regards,
Bretislav Kubesa