Date:      Thu, 10 Jan 2013 17:36:35 +0000
From:      Eric <freebsdlists-ruby@chillibear.com>
To:        <ruby@FreeBSD.org>
Cc:        Steve Wills <swills@FreeBSD.org>
Subject:   RoR: CVE-2013-0155 and CVE-2013-0156 [was Re: ruby and CVE-2012-5664]
Message-ID:  <CD14ACA3.3356A%freebsdlists-ruby@chillibear.com>
In-Reply-To: <50EA2F0E.1050006@FreeBSD.org>

>> On 01/05/13 20:58, Olli Hauer wrote:
>> It seems there are new releases for ruby because of a security issue
>> CVE-2012-5664
>> 
> The issue is in Ruby On Rails, not Ruby itself. There's an update to
> Ruby 1.9, but it's not a security issue. I'll see what I can do about
> the Rails update first, then the rest later.
> 
> Steve

Following up on the update to Rails, it doesn't look like it's a good new
year for Ruby on Rails:

http://weblog.rubyonrails.org/2013/1/8/Rails-3-2-11-3-1-10-3-0-19-and-2-3-15-have-been-released/

Two more serious exploits listed:

CVE-2013-0155:
https://groups.google.com/group/rubyonrails-security/browse_thread/thread/b75585bae4326af2

CVE-2013-0156:
https://groups.google.com/group/rubyonrails-security/browse_thread/thread/eb56e482f9d21934
