Skip site navigation (1)Skip section navigation (2)
Date:      Fri, 19 Nov 2004 03:39:22 -0800
From:      Kris Kennaway <kris@obsecurity.org>
To:        Feczak Szabolcs <feczo@siodigit.hu>
Cc:        freebsd-ports@freebsd.org
Subject:   Re: ruby-1.8.2.p2_1 has known vulnerabilities-- CGI DoS
Message-ID:  <20041119113922.GB87454@xor.obsecurity.org>
In-Reply-To: <1100859287.8003.4.camel@localhost.localdomain>
References:  <1100859287.8003.4.camel@localhost.localdomain>

next in thread | previous in thread | raw e-mail | index | archive | help

--mxv5cy4qt+RJ9ypb
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline

On Fri, Nov 19, 2004 at 11:14:46AM +0100, Feczak Szabolcs wrote:
> Please mark the port forbidden according to
> http://www.freebsd.org/ports/portaudit/d656296b-33ff-11d9-a9e7-0001020eed82.html
> till the update comes

That probably wouldn't be appropriate since the vulnerability affects
only one aspect of the ruby port that is irrelevant for most users
(consider that most people use ruby for portupgrade).  portaudit
already knows about this problem, which is the appropriate place for
minor problems like this.

Kris

--mxv5cy4qt+RJ9ypb
Content-Type: application/pgp-signature
Content-Disposition: inline

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.6 (FreeBSD)

iD8DBQFBndtqWry0BWjoQKURAvzaAKD1cI3agc/wNy3Obwt31jGW7VjbwwCgiZ3h
Zi3ngKRqzvvS+G1wJljxRc0=
=7EWM
-----END PGP SIGNATURE-----

--mxv5cy4qt+RJ9ypb--



Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20041119113922.GB87454>