Ollivier Robert wrote: > Try this instead: > http://www.freebsd.org/cgi/cvsweb.cgi/ports/lang/ruby18/files/ Thanks for the assistance. That FreeBSD web site's UI sucks. Their "Get diffs" button is broken and always returns nothing. To get a diff on a file, one must click the "text" next to the revision number. FreeBSD's backported patch seems insufficient and vulnerable. I come to this conclusion because they only modified two files (sprintf.c and string.c) -- but the Ruby changelog for this fix mentions other files (e.g., array.c), and Zed Shaw identifies about a dozen files potentially involved in the fix at http://www.zedshaw.com/rants/the_big_ruby_vulnerabilities.html So we still need to come up with either a backport for one of the working versions of Ruby, or a fix to one of the currently released but broken versions. I've sent email to Stas, the FreeBSD maintainer of Ruby to warn them of the potential security hole in their release and in hopes that they may join this discussion. -igal -- Posted via http://www.ruby-forum.com/.