Hi, not sure if I can help further, but if I understand correctly, yes - ruby 2.0. is/was default.
*pkg audit* (after forced upgrade) ruby-2.0.0.645,1 is vulnerable: Ruby -- OpenSSL Hostname Verification Vulnerability CVE: CVE-2015-1855 WWW: https://vuxml.FreeBSD.org/freebsd/d4379f59-3e9b-49eb-933b-61de4d0b0fdb.html *pkg info | grep ruby* ruby-2.0.0.645,1 Object-oriented interpreted scripting language *make.conf* - ruby related part : # # Keep ruby 2.0 as default version # DEFAULT_VERSIONS+=ruby=2.0 Best regards, Bretislav Kubesa ne 21. 6. 2015 v 16:54 odesílatel Steve Wills <[email protected]> napsal: > Hi, > > Did you build your own ports where ruby 2.0 was default? I see the package > name > here is ruby-2.0.0.645,1, not ruby20-2.0.0.645,1. The entries in vuxml look > like this: > > 3326 <name>ruby20</name> > 3327 <range><lt>2.0.0.645,1</lt></range> > > ... > > 3330 <name>ruby</name> > 3331 <range><lt>2.1.6,1</lt></range> > > So I think maybe it's matching the second entry and then looking for a ruby > version 2.1.6,1 or newer. Not sure what the right solution is for this > right > now. > > Steve > > > On Sun, Jun 21, 2015 at 08:43:33AM +0200, Ing. Břetislav Kubesa wrote: > > Hi, > > > > already for longer time while updating to 2.0.0.645,1 version, I'm > > getting message that it's vulnerable, but I think it's not the case as > > vulnerable are ruby20 < 2.0.0.645,1 (but it's not ruby20 <= 2.0.0.645,1). > > However I'm not sure where to report it for checking, so I hope it's the > > right place here. > > > > Thank you. > > > > > > ---> Upgrading 'ruby-2.0.0.643_1,1' to 'ruby-2.0.0.645,1' (lang/ruby20) > > ---> Building '/usr/ports/lang/ruby20' > > ===> Cleaning for ruby-2.0.0.645,1 > > ===> ruby-2.0.0.645,1 has known vulnerabilities: > > ruby-2.0.0.645,1 is vulnerable: > > Ruby -- OpenSSL Hostname Verification Vulnerability > > CVE: CVE-2015-1855 > > WWW: > > > http://vuxml.FreeBSD.org/freebsd/d4379f59-3e9b-49eb-933b-61de4d0b0fdb.html > > > > Best regards, > > Bretislav Kubesa > > _______________________________________________ > > [email protected] mailing list > > http://lists.freebsd.org/mailman/listinfo/freebsd-ports > > To unsubscribe, send any mail to "[email protected]" > _______________________________________________ [email protected] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-ruby To unsubscribe, send any mail to "[email protected]"
