The fix has already been there in the repository, FYI.  My proposal for
an official release was rejected on this list.  It is fairly easy for me
to make a release tarball once you subscribers of this list make
consensus that I should.

M. Edward (Ed) Borasky wrote
> This was posted by someone from the Red Hat Security Response Team.
> Which means two things:
>
> 1. Red Hat *is* tracking the Ruby security issues and is looking to
> the Ruby community to supply them with fixes. How that plays into the
> issue of 1.8.5 support is still unknown, but at least we have a name now.
>
> 2. There is still no "official" solution. :(
>
> http://www.openwall.com/lists/oss-security/2008/07/02/3
>
>
>
>