FreeBSD Port: ruby20-2.0.0.645,1 - reported as vulnerable while it isn't ?
Ing. Břetislav Kubesa
bretislav.kubesa at gmail.com
Sun Jun 21 06:43:38 UTC 2015
Hi,
already for longer time while updating to 2.0.0.645,1 version, I'm
getting message that it's vulnerable, but I think it's not the case as
vulnerable are ruby20 < 2.0.0.645,1 (but it's not ruby20 <= 2.0.0.645,1).
However I'm not sure where to report it for checking, so I hope it's the
right place here.
Thank you.
---> Upgrading 'ruby-2.0.0.643_1,1' to 'ruby-2.0.0.645,1' (lang/ruby20)
---> Building '/usr/ports/lang/ruby20'
===> Cleaning for ruby-2.0.0.645,1
===> ruby-2.0.0.645,1 has known vulnerabilities:
ruby-2.0.0.645,1 is vulnerable:
Ruby -- OpenSSL Hostname Verification Vulnerability
CVE: CVE-2015-1855
WWW:
http://vuxml.FreeBSD.org/freebsd/d4379f59-3e9b-49eb-933b-61de4d0b0fdb.html
Best regards,
Bretislav Kubesa
More information about the freebsd-ruby
mailing list