Date: Sun, 13 Jan 2013 21:09:33 +0000
From: Steve Wills <swills@FreeBSD.org>
To: Eric <freebsdlists-ruby@chillibear.com>
Cc: ruby@FreeBSD.org
Subject: Re: RoR: CVE-2013-0155 and CVE-2013-0156 [was Re: ruby and CVE-2012-5664]
Message-ID: <50F3228D.3050200@FreeBSD.org>
In-Reply-To: <CD14ACA3.3356A%freebsdlists-ruby@chillibear.com>
References: <CD14ACA3.3356A%freebsdlists-ruby@chillibear.com>

On 01/10/13 17:36, Eric wrote:
>>> On 01/05/13 20:58, Olli Hauer wrote:
>>> It seems there are new releases for ruby because a security issue
>>> CVE-2012-5664
>>>
>> The issue is in Ruby On Rails, not Ruby itself. There's an update to
>> Ruby 1.9, but it's not a security issue. I'll see what I can do about
>> the Rails update first, then the rest later.
>>
>> Steve
>
> Following up on the update to Rails, it doesn't look like it's a good new
> year for Ruby on Rails:
>
> http://weblog.rubyonrails.org/2013/1/8/Rails-3-2-11-3-1-10-3-0-19-and-2-3-15-have-been-released/
>
> Two more serious exploits listed:
>
> CVE-2013-0155:
> https://groups.google.com/group/rubyonrails-security/browse_thread/thread/b75585bae4326af2
>
> CVE-2013-0156
> https://groups.google.com/group/rubyonrails-security/browse_thread/thread/eb56e482f9d21934
>

Yeah, I committed the fixes and vuxml for both sets at the same time.

Thanks!

Steve