Re: Ruby vulnerability?
- From: Shaun Amott <shaun@xxxxxxxxxxx>
- Date: Sat, 29 Jul 2006 19:09:05 +0100
On Sat, Jul 29, 2006 at 07:54:16PM +0200, Remko Lodder wrote:
Sergey Matveychuk wrote:
Shaun Amott wrote:
On Fri, Jul 28, 2006 at 03:03:43PM +1000, Joel Hatton wrote:
FYI, Red Hat released an advisory today about a vulnerability in Ruby. SoI've added it; thanks for the report.
far it doesn't appear in the VuXML, but am I correct in presuming it will
soon?
Can we get patches somewhere? I can't find any.
It is said that the patches are available through the CVSweb
but all the information I could fine was in japanese, which is
a bit difficult to read for me (read: i do not speak nor read
japanese at all).
The CVE report seemed to imply that there was a fix in 1.8.5, which I
assumed had therefore been released. But it seems this isn't the case.
The Ruby folks say they don't publish advisories until there is a fix
ready; and there is no mention of this vulnerability on the website.
--
Shaun Amott [ PGP: 0x6B387A9A ]
Scientia Est Potentia.
_______________________________________________
freebsd-security@xxxxxxxxxxx mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-security
To unsubscribe, send any mail to "freebsd-security-unsubscribe@xxxxxxxxxxx"
- Follow-Ups:
- Re: Ruby vulnerability?
- From: Sergey Matveychuk
- Re: Ruby vulnerability?
- References:
- Ruby vulnerability?
- From: Joel Hatton
- Re: Ruby vulnerability?
- From: Shaun Amott
- Re: Ruby vulnerability?
- From: Sergey Matveychuk
- Re: Ruby vulnerability?
- From: Remko Lodder
- Ruby vulnerability?
- Prev by Date: Re: Ruby vulnerability?
- Next by Date: Re: Ruby vulnerability?
- Previous by thread: Re: Ruby vulnerability?
- Next by thread: Re: Ruby vulnerability?
- Index(es):
Relevant Pages
|
|
