cvs commit: ports/lang/ruby16 Makefile ports/lang/ruby16/files
patch-cgi.rb ports/lang/ruby18 Makefile ports/lang/ruby18/fi
Dan Langille
dan at langille.org
Thu Nov 25 09:57:24 PST 2004
On 25 Nov 2004 at 15:25, Simon L. Nielsen wrote:
> simon 2004-11-25 15:25:33 UTC
>
> FreeBSD ports repository (doc committer)
>
> Modified files:
> lang/ruby16 Makefile
> lang/ruby18 Makefile
> Added files:
> lang/ruby16/files patch-cgi.rb
> lang/ruby18/files patch-cgi.rb
> Log:
> Fix DoS in the Ruby CGI module.
>
> Obtained from: ruby CVS
> Reviewed by: trhodes
> OK'ed by: maintainer silence
> With hat: secteam
>
> Revision  Changes    Path
> 1.109     +1 -0      ports/lang/ruby16/Makefile
> 1.1       +30 -0     ports/lang/ruby16/files/patch-cgi.rb (new)
> 1.78      +1 -1      ports/lang/ruby18/Makefile
> 1.1       +27 -0     ports/lang/ruby18/files/patch-cgi.rb (new)
Thank you for the upgrade.
The build process seems to think that the latest and greatest is also
vulnerable:
[dan at polo:/usr/ports/lang/ruby18] $ sudo make install
===> ruby-1.8.2.p2_2 has known vulnerabilities:
>> ruby -- CGI DoS.
Reference: <http://www.FreeBSD.org/ports/portaudit/d656296b-33ff-11d9-a9e7-0001020eed82.html>
Yet, that URL claims that ruby-1.8.2.p2_2 is not vulnerable.
They can't both be right! ;)
--
Dan Langille : http://www.langille.org/
BSDCan - The Technical BSD Conference - http://www.bsdcan.org/