Igal Koshevoy wrote:
> All versions of MRI Ruby that claim to fix the vulnerabilities are 
> either failing with segmentation faults or change the API in ways that 
> make it impossible to run vital libraries such as Rails 2.0.x and RSpec. 
> These broken versions include: 1.8.5p231, 1.8.6p230, 1.8.7p22, and 
> 1.9.0-2. 

FWIW, I managed to get 1.8.6p230 all the way through a Rails 2.0
app test suite without segfaults or glibc "corrupted memory"
complaints with the patch here:

  http://dev.smartleaf.com/misc/p230_fixit_patch.txt

This reverts changeset 17222 from the ruby_1_8_6 branch of the
main svn repository, which doesn't *look* security-related, at
least at first blush (though it may be a failed backport from
another line of development).

As always, your mileage may vary --- but I'm hoping this helps
someone with more detailed knowledge of MRI innards figure out
what's going on.

Robert Thau
rst AT {ai,alum}.mit.edu