Igal Koshevoy wrote:
> All versions of MRI Ruby that claim to fix the vulnerabilities are 
> either failing with segmentation faults or change the API in ways that 
> make it impossible to run vital libraries such as Rails 2.0.x and RSpec. 

It looks like a fix for the segmentation faults was committed on 21 June 
(revision 17530 in the ruby_1_8 branch):

http://svn.ruby-lang.org/cgi-bin/viewvc.cgi?view=rev&revision=17530

Note that this change is only in the ruby_1_8 branch. It hasn't been 
applied to the separate branches for 1.8.5, 1.8.6 and 1.8.7.

I've applied the change to 1.8.6-p230 and I'm no longer getting the 
segmentation faults in my Rails app. I haven't tested the change with 
1.8.5 or 1.8.7.

The patch I applied to 1.8.6-p230 is available at:

http://files.philross.co.uk/ruby/ruby-1.8.6-p230-fix.patch

This just consists of revision 17530 with the change to ChangeLog 
adjusted to apply cleanly.

-- 
Phil Ross
http://tzinfo.rubyforge.org/ -- DST-aware timezone library for Ruby