Date: Fri, 22 Feb 2013 10:12:37 GMT
From: Anton Shterenlikht <mexas@bristol.ac.uk>
To: freebsd-ports@freebsd.org
Subject: RE: ruby-1.8.7.371,1 is vulnerable ?
Message-ID: <201302221012.r1MACbmS025426@mech-cluster241.men.bris.ac.uk>
On 19-FEB I saw in the daily logs:

Checking for packages with security vulnerabilities:
Database fetched: Mon Feb 18 03:02:54 GMT 2013
ruby-1.8.7.371,1 is vulnerable:
Ruby -- XSS exploit of RDoc documentation generated by rdoc
WWW: http://portaudit.FreeBSD.org/d3e96508-056b-4259-88ad-50dc8d1978a6.html

ruby-1.8.7.371,1 is vulnerable:
Ruby -- Denial of Service and Unsafe Object Creation Vulnerability in JSON
WWW: http://portaudit.FreeBSD.org/c79eb109-a754-45d7-b552-a42099eb2265.html

But there is nothing in UPDATING, and now this warning has gone, while the port has not been updated:

$ pkg version -vX ruby
ruby-1.8.7.371,1 = up-to-date with port

So is this port vulnerable or not?
If yes, should I switch to lang/ruby19?
If not, was this some false positive, corrected later?

Thanks

Anton
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?201302221012.r1MACbmS025426>