Quoting from the site:
Another vulnerability has been discovered in the CGI library (cgi.rb) that ships with Ruby which could be used by a malicious user to create a denial of service attack (DoS).
This vulnerability is open to the public as JVN#84798830.
Please note that the previous patch (<URL:http://ftp.ruby-lang.org/pub/ruby/1.8/ruby-1.8.5-cgi-dos-1.patch>) does not fix this problem.
A specific HTTP request for any web application using cgi.rb causes CPU consumption on the machine on which the web application is running. Many such requests result in a denial of service.
1.8.5 and all prior versions
Development version (1.9 series)
All versions before 2006-12-04
Please upgrade to 1.8.5-p2.
<URL:http://ftp.ruby-lang.org/pub/ruby/1.8/ruby-1.8.5-p2.tar.gz> (4519151 bytes, md5sum: a3517a224716f79b14196adda3e88057)
Please note that a package that corrects this weakness may already be available through your package management software.
I'll see about preparing an ebuild for 1.8.5-p2.
1.8.5_p2 in tree.
arches, please test and stable 1.8.5_p2, thx
*** Bug 157038 has been marked as a duplicate of this bug. ***
Apart from make test failures (normal issue and an old bug), amd64 got stable love.
Stable on Alpha.
ranger marked stable on ppc64
Stable for HPPA.
"A specific HTTP request for any web application using cgi.rb causes CPU consumption" --> I vote GLSA
I vote YES as well.
Nobody will care for my addon YES, then ^_^
GLSA 200612-21, thanks everybody!