Shaun Amott wrote: > On Sat, Jul 29, 2006 at 07:54:16PM +0200, Remko Lodder wrote: >> Sergey Matveychuk wrote: >>> Shaun Amott wrote: >>>> On Fri, Jul 28, 2006 at 03:03:43PM +1000, Joel Hatton wrote: >>>>> FYI, Red Hat released an advisory today about a vulnerability in Ruby. So >>>>> far it doesn't appear in the VuXML, but am I correct in presuming it will >>>>> soon? >>>>> >>>> I've added it; thanks for the report. >>>> >>> Can we get patches somewhere? I can't find any. >>> >> It is said that the patches are available through the CVSweb >> but all the information I could fine was in japanese, which is >> a bit difficult to read for me (read: i do not speak nor read >> japanese at all). > > The CVE report seemed to imply that there was a fix in 1.8.5, which I > assumed had therefore been released. But it seems this isn't the case. > > The Ruby folks say they don't publish advisories until there is a fix > ready; and there is no mention of this vulnerability on the website. >
CVE report is very unpleasant: "Multiple unspecified vulnerabilities". Secunia has more professional report. RedHat is only vendor who released updates, but they are binary. So, there is no known fix now. I hope ruby team will release 1.8.5 ASAP. -- Dixi. Sem. _______________________________________________ freebsd-ports@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-ports To unsubscribe, send any mail to "[EMAIL PROTECTED]"
