| Summary: | dev-lang/ruby: CGI DoS issue (CAN-2004-0983) | | |
|---|---|---|---|
| Product: | Gentoo Security | Reporter: | Kurt Lieber (RETIRED) <klieber> |
| Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
| Status: | RESOLVED FIXED | | |
| Severity: | minor | CC: | neysx, ruby, usata |
| Priority: | High | | |
| Version: | unspecified | | |
| Hardware: | All | | |
| OS: | All | | |
| Whiteboard: | B3 [glsa] jaervosz | | |
| Package list: | | Runtime testing required: | --- |

Description
Kurt Lieber (RETIRED)
2004-11-03 15:33:49 UTC
ruby folks, could you please have a look at this?

Adding usata as an explicit CC since I'm not sure he can see the bug, otherwise.

Adding xavier so he can see the bug.

I'll look into this problem (I get bugzilla mail from ruby alias).

But now you can't see this bug or comment here anymore. Putting individual names rather than aliases.

Debian published http://www.debian.org/security/2004/dsa-586. Ruby please provide a fixed ebuild.

Thanks for re-adding me to this bug (I was not aware that I was not able to revisit security bug). I added ruby-1.6.8-r12 on 5 Nov, and agriffis added ruby-1.8.2_pre3 yesterday. Both versions contain the fix by ruby upstream. I could make patched revisions of <=ruby-1.8.2_pre2, but I would rather ask arch devs to test 1.6.8-r12 and ruby-1.8.2_pre3 and mark them stable.

Arches please mark ruby-1.6.8-r1 and ruby-1.8.2_pre3 stable.

I cannot mark stable on ppc64: Won't compile: [...] ./mkconfig.rb:142: syntax error [...] Markus

Do you have cjk in USE?

1.8.2_pre3 stable for sparc. I cannot comment on 1.6.8-r1.

1.8.2_pre3 and 1.6.8-r12 stable on amd64

This is keyworded for ppc-macos, but that's not the arch alias. CC'ing kito and ndimiduk

stable on ppc (both) greets

Stable on alpha.

mhh.. mysterious.. I cannot reproduce that error again. dev-lang/ruby-1.8.2_pre3 is now stable on ppc64.

stable on ppc-macos.

1.6.8-r12 is also stable for sparc. Builds, installs, and runs test cases as expected.

x86 there

security, pls vote on GLSA (since this is rated B3)

/me votes for a GLSA at least Debian, Mandrake and Ubuntu have published advisories already

I vote for a GLSA too.

Stable on mips.

I vote YES too

GLSA 200411-23 arm hppa ia64: please mark stable to benefit from GLSA

s390 should also mark 1.8.2_pre3 stable

Ruby team: please clean up old vulnerable versions...