Re: Ruby vulnerability?

Board: FB_security, Date: 2006/07/30 13:33
Dear Sirs,

> CVE report is very unpleasant: "Multiple unspecified vulnerabilities".
> Secunia has more professional report.
>
> RedHat is only vendor who released updates, but they are binary. So,
> there is no known fix now.

The following information may help you:

http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=378029

But matz (Ruby creator) has not mentioned this yet. And he has said that he has no will to release a patch for the vulnerabilities.

http://blade.nagaokaut.ac.jp/cgi-bin/scat.rb/ruby/ruby-list/42575

The message is in Japanese and the content is as follows.

At present, a patch for these vulnerabilities is not ready because the problems occur only with $SAFE=4. So the vulnerabilities will be serious only when all the following conditions are satisfied.

* You use $SAFE=4 sandbox
* You run untrusted code

> I hope ruby team will release 1.8.5 ASAP.

On 18th July, ruby 1.8.5 preview2 was released, and the release date of 1.8.5 will be near the middle of August if they work on schedule.

Best regards.

-----
UEDA Hiroyuki <ueda@netforest.ad.jp>
_______________________________________________
freebsd-security@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-security
Article code (AID): #14p4IC00 (FB_security)