CVS: cvs.openbsd.org: ports

Bernd Ahlers Mon, 29 Sep 2008 12:36:12 -0700

CVSROOT:        /cvs
Module name:    ports
Changes by:     [EMAIL PROTECTED]       2008/09/28 09:43:06


Modified files:
        lang/ruby      : Makefile distinfo 
        lang/ruby/patches: patch-configure 
        lang/ruby/pkg  : PLIST-main 
Added files:
        lang/ruby/patches: patch-lib_rexml_document_rb 
                           patch-lib_rexml_entity_rb 
Removed files:
        lang/ruby/patches: patch-array_c patch-bignum_c patch-eval_c 
                           patch-intern_h patch-io_c patch-sprintf_c 
                           patch-string_c 

Log message:
Security update to ruby-1.8.6.287.

This fixes a DNS spoofing vulnerability in Ruby's resolver lib. (CVE-2008-1447)

A DoS vulnerability in WEBrick(CVE-2008-3656), problems with Ruby's
safelevel implementation (CVE-2008-3655) and a taint check problem
in Ruby's dynamic loader (CVE-2008-3657) got fixed as well.

This also contains a fix for the REXML DoS issue. (CVE-2008-3790)

More information:
http://www.ruby-lang.org/en/news/2008/08/08/multiple-vulnerabilities-in-ruby/
http://www.ruby-lang.org/en/news/2008/08/23/dos-vulnerability-in-rexml/

Tested by Jeremy Evans and [EMAIL PROTECTED] Thanks!

CVS: cvs.openbsd.org: ports

Reply via email to