cvs commit: ports/lang/ruby16 Makefile ports/lang/ruby16/files
patch-cgi.rb ports/lang/ruby18 Makefile ports/lang/ruby18/fi
Mathieu Arnold
mat at FreeBSD.org
Thu Nov 25 10:06:50 PST 2004
+-le 25/11/2004 12:57 -0500, Dan Langille a dit :
| On 25 Nov 2004 at 15:25, Simon L. Nielsen wrote:
|
|> simon 2004-11-25 15:25:33 UTC
|>
|> FreeBSD ports repository (doc committer)
|>
|> Modified files:
|> lang/ruby16 Makefile
|> lang/ruby18 Makefile
|> Added files:
|> lang/ruby16/files patch-cgi.rb
|> lang/ruby18/files patch-cgi.rb
|> Log:
|> Fix DoS in the Ruby CGI module.
|>
|> Obtained from: ruby CVS
|> Reviewed by: trhodes
|> OK'ed by: maintainer silence
|> With hat: secteam
|>
|> Revision Changes Path
|> 1.109 +1 -0 ports/lang/ruby16/Makefile
|> 1.1 +30 -0 ports/lang/ruby16/files/patch-cgi.rb (new)
|> 1.78 +1 -1 ports/lang/ruby18/Makefile
|> 1.1 +27 -0 ports/lang/ruby18/files/patch-cgi.rb (new)
|
| Thank you for the upgrade.
|
| The build process seems to think that the latest and greatest is also
| vulnerable:
|
| [dan at polo:/usr/ports/lang/ruby18] $ sudo make install
| ===> ruby-1.8.2.p2_2 has known vulnerabilities:
| >> ruby -- CGI DoS.
| Reference: <http://www.FreeBSD.org/ports/portaudit/d656296b-33ff-
| 11d9-a9e7-0001020eed82.html>
|
| Yet, that url claims that ruby-1.8.2.p2_2 is not vulnernable.
|
| They can't both be right! ;)
I think you should run portaudit -F
--
Mathieu Arnold
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 479 bytes
Desc: not available
Url : http://lists.freebsd.org/pipermail/cvs-all/attachments/20041125/972ba17f/attachment.bin
More information about the cvs-all
mailing list