Date: Mon, 30 Jun 2008 17:54:49 -0400
From: Jamie Strandboge <jamie@...onical.com>
To: oss-security@...ts.openwall.com
Subject: Re: patch sets for recent ruby vulnerabilities
----- Forwarded message from Shugo Maeda <security@...y-lang.org> -----
Date: Thu, 26 Jun 2008 12:16:52 +0900
From: Shugo Maeda <security@...y-lang.org>
To: Jamie Strandboge <jamie@...onical.com>
Cc: security@...ntu.com
Subject: Re: patch sets for recent ruby vulnerabilities
Hello,
2008/6/25 Jamie Strandboge <jamie@...onical.com>:
>> ------------------------------------------------------------------------
>> r17530 | nobu | 2008-06-22 07:16:45 +0900 (Sun, 22 Jun 2008) | 2 lines
>> Changed paths:
>> M /branches/ruby_1_8/ChangeLog
>> M /branches/ruby_1_8/string.c
>>
>> * string.c (str_buf_cat): check for self concatenation.
>>
> Without having dived into the code yet, is this the fix for the
> regressions with rails and others?
No, it's not.
The following commit may be the cause of the problems with Rails.
------------------------------------------------------------------------
r15856 | matz | 2008-03-30 00:47:54 +0900 (Sun, 30 Mar 2008) | 2 lines
Changed paths:
M /branches/ruby_1_8/ChangeLog
M /branches/ruby_1_8/class.c
* class.c (clone_method): should copy cref as well.
[ruby-core:15833]
--
Shugo Maeda
----- End forwarded message -----
--
Ubuntu Security Engineer | http://www.ubuntu.com/
Canonical Ltd. | http://www.canonical.com/