It appears that Matz has a snapshot ready that fixes it, and also one could just wait for Ruby 1.8.5 as there are no known exploits.
The latest stable CVS snapshot is available here:
ftp://ftp.ruby-lang.org/pub/ruby/stable-snapshot.tar.gz

I found this on http://www.ruby-lang.org/en/20020102.html

I'm not sure if Rails or Typo in specific would be vulnerable to this since I don't know what SAFE Level Restriction is. I wouldn't sweat too much over it at this time.

Grant

On 7/17/06, Ernie Oporto <[EMAIL PROTECTED]> wrote:
> Just saw this...
> Anyone know if a patch is coming soon?
>
> 06.28.29 CVE: Not Available
> Platform: Cross Platform
> Title: Ruby Multiple SAFE Level Restriction Bypass Vulnerabilities
> Description: Ruby is an object-oriented scripting language with
> support for SAFE level checking. It is vulnerable to multiple SAFE
> Level Restriction Bypass vulnerabilities in the "alias" functionality.
> Ruby versions 1.8.4 and earlier are vulnerable.
> Ref: http://www.securityfocus.com/bid/18944
>
> --
> Ernie
> http://www.shokk.com/blog/
> _______________________________________________
> Typo-list mailing list
> [email protected]
> http://rubyforge.org/mailman/listinfo/typo-list

--
Grant Hutchins
[EMAIL PROTECTED]
