From: Mathieu Arnold
To: Dan Langille, "Simon L. Nielsen"
Cc: cvs-ports@FreeBSD.org, cvs-all@FreeBSD.org, ports-committers@FreeBSD.org
Date: Thu, 25 Nov 2004 19:06:43 +0100
Subject: Re: cvs commit: ports/lang/ruby16 Makefile ports/lang/ruby16/files patch-cgi.rb ports/lang/ruby18 Makefile ports/lang/ruby18/fi

On 25/11/2004 12:57 -0500, Dan Langille said:
| On 25 Nov 2004 at 15:25, Simon L. Nielsen wrote:
|
|> simon 2004-11-25 15:25:33 UTC
|>
|>   FreeBSD ports repository (doc committer)
|>
|>   Modified files:
|>     lang/ruby16 Makefile
|>     lang/ruby18 Makefile
|>   Added files:
|>     lang/ruby16/files patch-cgi.rb
|>     lang/ruby18/files patch-cgi.rb
|>   Log:
|>   Fix DoS in the Ruby CGI module.
|>
|>   Obtained from: ruby CVS
|>   Reviewed by: trhodes
|>   OK'ed by: maintainer silence
|>   With hat: secteam
|>
|>   Revision Changes Path
|>   1.109 +1 -0 ports/lang/ruby16/Makefile
|>   1.1 +30 -0 ports/lang/ruby16/files/patch-cgi.rb (new)
|>   1.78 +1 -1 ports/lang/ruby18/Makefile
|>   1.1 +27 -0 ports/lang/ruby18/files/patch-cgi.rb (new)
|
| Thank you for the upgrade.
|
| The build process seems to think that the latest and greatest is also
| vulnerable:
|
| [dan@polo:/usr/ports/lang/ruby18] $ sudo make install
| ===> ruby-1.8.2.p2_2 has known vulnerabilities:
| >> ruby -- CGI DoS.
| Reference:
|
| Yet, that url claims that ruby-1.8.2.p2_2 is not vulnerable.
|
| They can't both be right! ;)

I think you should run portaudit -F

--
Mathieu Arnold