Date:      Thu, 25 Nov 2004 19:06:43 +0100
From:      Mathieu Arnold <mat@FreeBSD.org>
To:        Dan Langille <dan@langille.org>, "Simon L. Nielsen" <simon@FreeBSD.org>
Cc:        ports-committers@FreeBSD.org
Subject:   Re: cvs commit: ports/lang/ruby16 Makefile ports/lang/ruby16/files patch-cgi.rb ports/lang/ruby18 Makefile ports/lang/ruby18/fi
Message-ID:  <CCF2E70770D90974D57C0BC8@[192.168.8.51]>
In-Reply-To: <41A5D6B3.11561.6ACA6DC1@localhost>
References:  <41A5D6B3.11561.6ACA6DC1@localhost>

+-On 25/11/2004 12:57 -0500, Dan Langille wrote:
| On 25 Nov 2004 at 15:25, Simon L. Nielsen wrote:
| 
|> simon       2004-11-25 15:25:33 UTC
|> 
|>   FreeBSD ports repository (doc committer)
|> 
|>   Modified files:
|>     lang/ruby16          Makefile 
|>     lang/ruby18          Makefile 
|>   Added files:
|>     lang/ruby16/files    patch-cgi.rb 
|>     lang/ruby18/files    patch-cgi.rb 
|>   Log:
|>   Fix DoS in the Ruby CGI module.
|>   
|>   Obtained from:  ruby CVS
|>   Reviewed by:    trhodes
|>   OK'ed by:       maintainer silence
|>   With hat:       secteam
|>   
|>   Revision  Changes    Path
|>   1.109     +1 -0      ports/lang/ruby16/Makefile
|>   1.1       +30 -0     ports/lang/ruby16/files/patch-cgi.rb (new)
|>   1.78      +1 -1      ports/lang/ruby18/Makefile
|>   1.1       +27 -0     ports/lang/ruby18/files/patch-cgi.rb (new)
| 
| Thank you for the upgrade.
| 
| The build process seems to think that the latest and greatest is also 
| vulnerable:
| 
| [dan@polo:/usr/ports/lang/ruby18] $ sudo make install
|  ===> ruby-1.8.2.p2_2 has known vulnerabilities:
|  >> ruby -- CGI DoS.
|  Reference: <http://www.FreeBSD.org/ports/portaudit/d656296b-33ff-11d9-a9e7-0001020eed82.html>
| 
| Yet, that URL claims that ruby-1.8.2.p2_2 is not vulnerable.
| 
| They can't both be right!  ;)

I think you should run portaudit -F

-- 
Mathieu Arnold