The Ruby development team has announced that they released ruby-1.8.5-p2 because of security vulnerabilities in lib/cgi.rb. You can see the details at the following URL:

http://www.ruby-lang.org/en/news/2006/12/04/another-dos-vulnerability-in-cgi-library

I did a send-pr (http://www.freebsd.org/cgi/query-pr.cgi?pr=ports/105113) and fixed it in current ports, but there is another vulnerability which was not fixed by the previous patch. You can obtain the latest tar archive from:

http://ftp.ruby-lang.org/pub/ruby/1.8/ruby-1.8.5-p2.tar.gz

Fix: To fix this problem, you need to upgrade to 1.8.5-p2. You can obtain the latest release from the following URL:

http://ftp.ruby-lang.org/pub/ruby/1.8/ruby-1.8.5-p2.tar.gz

Responsible Changed
From-To: freebsd-ports-bugs->stas

Over to maintainer

State Changed
From-To: open->closed

I've decided to commit the patch for the cgi library instead, as it's very small. Thanks for the report!

stas 2006-12-04 20:33:04 UTC

FreeBSD ports repository

Modified files:
  lang/ruby18 Makefile
  lang/ruby18/files patch-lib_cgi.rb
Log:
- Fix an another cgi library vulnerability
- Bump portrevision

PR: ports/106287
Reported by: UEDA Hiroyuki <bsdmad@gmail.com>
Obtained from: ruby cvs

Revision Changes Path
1.121 +1 -1 ports/lang/ruby18/Makefile
1.2 +28 -3 ports/lang/ruby18/files/patch-lib_cgi.rb