On Jan 12, 2007, at 10:59, Eric Hodel wrote:

> I've checked in fixes for an installation exploit found by Gavin
> Sinclair. Here's a draft email describing the exploit and how to
> fix RubyGems. I only supplied patches for the past two versions of
> RubyGems, since tattle says that's what everybody uses.
>
> b) Apply the following patch
>
> For RubyGems 0.9.0:
>
> <installer.rb.extract_files.REL_0_9_0.patch>
>
> For RubyGems 0.8.11:
>
> <installer.rb.extract_files.REL_0_8_11.patch>

Note: I didn't test either of these patches. The 0.9.0 patch applied cleanly with offset. The 0.8.11 I had to do by hand. If anybody still has a 0.8.11, please test this patch.

--
Eric Hodel - [EMAIL PROTECTED] - http://blog.segment7.net
I LIT YOUR GEM ON FIRE!