Re: Ruby vulnerability?
- From: Sergey Matveychuk <sem@xxxxxxxxxxx>
- Date: Sat, 29 Jul 2006 23:49:48 +0400
Shaun Amott wrote:
On Sat, Jul 29, 2006 at 07:54:16PM +0200, Remko Lodder wrote:
Sergey Matveychuk wrote:
Shaun Amott wrote:It is said that the patches are available through the CVSweb
On Fri, Jul 28, 2006 at 03:03:43PM +1000, Joel Hatton wrote:Can we get patches somewhere? I can't find any.
FYI, Red Hat released an advisory today about a vulnerability in Ruby. SoI've added it; thanks for the report.
far it doesn't appear in the VuXML, but am I correct in presuming it will
soon?
but all the information I could fine was in japanese, which is
a bit difficult to read for me (read: i do not speak nor read
japanese at all).
The CVE report seemed to imply that there was a fix in 1.8.5, which I
assumed had therefore been released. But it seems this isn't the case.
The Ruby folks say they don't publish advisories until there is a fix
ready; and there is no mention of this vulnerability on the website.
CVE report is very unpleasant: "Multiple unspecified vulnerabilities".
Secunia has more professional report.
RedHat is only vendor who released updates, but they are binary. So,
there is no known fix now.
I hope ruby team will release 1.8.5 ASAP.
--
Dixi.
Sem.
_______________________________________________
freebsd-security@xxxxxxxxxxx mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-security
To unsubscribe, send any mail to "freebsd-security-unsubscribe@xxxxxxxxxxx"
- Follow-Ups:
- Re: Ruby vulnerability?
- From: 植田 裕之
- Re: Ruby vulnerability?
- References:
- Ruby vulnerability?
- From: Joel Hatton
- Re: Ruby vulnerability?
- From: Shaun Amott
- Re: Ruby vulnerability?
- From: Sergey Matveychuk
- Re: Ruby vulnerability?
- From: Remko Lodder
- Re: Ruby vulnerability?
- From: Shaun Amott
- Ruby vulnerability?
- Prev by Date: Re: Ruby vulnerability?
- Next by Date: Re: Ruby vulnerability?
- Previous by thread: Re: Ruby vulnerability?
- Next by thread: Re: Ruby vulnerability?
- Index(es):
Relevant Pages
|
