Quoting from the site
--
Another vulnerability has been discovered in the CGI library (cgi.rb) that ships with Ruby which could be used by a malicious user to create a denial of service attack (DoS). This vulnerability is open to the public as JVN#84798830. Please note that the previous patch (<URL:http://ftp.ruby-lang.org/pub/ruby/1.8/ruby-1.8.5-cgi-dos-1.patch>) does not fix this problem.

Impact

A specific HTTP request for any web application using cgi.rb causes CPU consumption on the machine on which the web application is running. Many such requests result in a denial of service.

Vulnerable versions

1.8 series
    1.8.5 and all prior versions
Development version (1.9 series)
    All versions before 2006-12-04

Solution

1.8 series
    Please upgrade to 1.8.5-p2.
    <URL:http://ftp.ruby-lang.org/pub/ruby/1.8/ruby-1.8.5-p2.tar.gz>
    (4519151 bytes, md5sum: a3517a224716f79b14196adda3e88057)

Please note that a package that corrects this weakness may already be available through your package management software.
--
I'll see to prepare an ebuild for 1.8.5-p2.
thx Flameeyes
1.8.5_p2 in tree.
arches, please test and stable 1.8.5_p2, thx
*** Bug 157038 has been marked as a duplicate of this bug. ***
apart from make test failures (normal issue and an old bug) amd64 got stable love.
sparc stable.
ppc64 stable
Stable on Alpha.
ppc stable
ranger marked stable on ppc64
Stable for HPPA.
x86 done
"A specific HTTP request for any web application using cgi.rb causes CPU consumption" --> I vote GLSA
I vote YES as well.
Nobody will care for my addon YES, then ^_^
GLSA 200612-21, thanks everybody!
ia64 stable