This was posted by someone from the Red Hat Security Response Team. 
Which means two things:

1. Red Hat *is* tracking the Ruby security issues and is looking to the 
Ruby community to supply them with fixes. How that plays into the issue 
of 1.8.5 support is still unknown, but at least we have a name now.

2. There is still no "official" solution. :(

http://www.openwall.com/lists/oss-security/2008/07/02/3