1.8.3 is in Portage but is ~ on all arches
A vulnerability has been reported in Ruby, which can be exploited by malicious
people to bypass certain security restrictions.
The vulnerability is due in an error in "eval.c" in enforcing safe-level
protections. This can be exploited to execute certain insecure methods.
The vulnerability has been reported in the following versions:
* Ruby version 1.6.8 and prior (old release).
* Ruby version 1.8.2 and prior (stable).
* Ruby version 1.9.0 2005-09-01 and prior (development).
Update to version 1.8.3.
Ruby is 1.8.3 ready to be marked stable?
Ruby please advise.
As far as I know, it's not ready. I've seen several packages state they don't
work with 1.8.3 and I beleive this is due to bugs in that release.
I'm not an expert though...
AFAIK clean_logger.rb from Activesupport/Rails doesn't work with 1.8.3
unpatched, but people seem to blame it on that file instead of Ruby itself. I
also believe that Caleb has added a patch to the Rails ebuild which deals with
Some people also seem to have problems with the included openssl implementation,
but as far as I can see our Ruby build isn't concerned by this (the likely
problem is a missing openssl-devel package on the concerned distros, the joys of
Personally I'd vote for stabling 1.8.3, as from my POV the problems people have
with this release are mostly their fault.
Arches please test and mark stable.
Stable on hppa
Stable on sparc. For rails support, please upgrade dev-ruby/rubygems,
dev-ruby/activesupport. Freeride, seems OK with 1.8.3; fxruby and my own tests
check out with no problems.
Stable on ppc.
Works on x86.
stable on ppc64
ruby-1.8.3 stable on alpha
stable on amd64, sorry for the delay
Ready for GLSA vote
I tend to vote yes.
sorry for the delay.
ruby 1.8.3 doesn't compile on Panther (10.3) (missing autoconf 2.59)
ruby 1.8.3 is masked on Tiger (10.4) (collisions)
hence, best I could do it was to mask the older 1.8 versions on Panther also.
Stable on mips.
I tend to vote YES too.
OK, let's have a GLSA then, since nobody else wants to vote.
arm, ppc-macos and s390 please remember to mark stable to benifit from the
now solved for ppc-macos