Re: Ruby 1.9.0/1.8.7/1.8.6/1.8.5 new releases (Security Fix)

< ^ > P N |<>| ^ _>< --- | ~ ...Help
All versions of MRI Ruby that claim to fix the vulnerabilities are 
either failing with segmentation faults or change the API in ways that 
make it impossible to run vital libraries such as Rails 2.0.x and RSpec. 
These broken versions include: 1.8.5p231, 1.8.6p230, 1.8.7p22, and 
1.9.0-2. Unfortunately, the source code describing some of the proposed 
fixes has been publicly available now for four days for crackers to 
write their attacks, so we're in a race with the bad guys to deliver a 
solution.

Is anyone working on fixing these bugs? If not, can we rally the 
community to get a bounty and/or code sprint going?

Is there a way to convince the Ruby maintainers to run new code against 
the publicly-available test suites provided by RubySpec, Rails and Rspec 
before they ship a new version to avoid these problems in the future?

Is there anything else that those of us which lack the necessary C 
expertise to fix these problems can do to help with this effort?

Thank you.

-igal
-- 
Posted via http://www.ruby-forum.com/.