Date:      Thu, 25 Nov 2004 12:57:23 -0500
From:      "Dan Langille" <dan@langille.org>
To:        "Simon L. Nielsen" <simon@FreeBSD.org>
Cc:        ports-committers@FreeBSD.org
Subject:   Re: cvs commit: ports/lang/ruby16 Makefile ports/lang/ruby16/files patch-cgi.rb ports/lang/ruby18 Makefile ports/lang/ruby18/fi
Message-ID:  <41A5D6B3.11561.6ACA6DC1@localhost>
In-Reply-To: <200411251525.iAPFPXCc031488@repoman.freebsd.org>

On 25 Nov 2004 at 15:25, Simon L. Nielsen wrote:

> simon       2004-11-25 15:25:33 UTC
> 
>   FreeBSD ports repository (doc committer)
> 
>   Modified files:
>     lang/ruby16          Makefile 
>     lang/ruby18          Makefile 
>   Added files:
>     lang/ruby16/files    patch-cgi.rb 
>     lang/ruby18/files    patch-cgi.rb 
>   Log:
>   Fix DoS in the Ruby CGI module.
>   
>   Obtained from:  ruby CVS
>   Reviewed by:    trhodes
>   OK'ed by:       maintainer silence
>   With hat:       secteam
>   
>   Revision  Changes    Path
>   1.109     +1 -0      ports/lang/ruby16/Makefile
>   1.1       +30 -0     ports/lang/ruby16/files/patch-cgi.rb (new)
>   1.78      +1 -1      ports/lang/ruby18/Makefile
>   1.1       +27 -0     ports/lang/ruby18/files/patch-cgi.rb (new)

Thank you for the upgrade.

The build process seems to think that the latest and greatest is also 
vulnerable:

[dan@polo:/usr/ports/lang/ruby18] $ sudo make install
 ===> ruby-1.8.2.p2_2 has known vulnerabilities:
 >> ruby -- CGI DoS.
 Reference: <http://www.FreeBSD.org/ports/portaudit/d656296b-33ff-11d9-a9e7-0001020eed82.html>

Yet, that URL claims that ruby-1.8.2.p2_2 is not vulnerable.

They can't both be right!  ;)
-- 
Dan Langille : http://www.langille.org/
BSDCan - The Technical BSD Conference - http://www.bsdcan.org/
