Re: [ANN][Security] Ruby 1.8.7 patchlevel 301 released (CVE-2010-0541)

< ^ > P N |<>|^_>< --- | ~ ...Help
--------------enigAC732C8AC34A8CF329744086
Content-Type: text/plain; charset=ISO-2022-JP
Content-Transfer-Encoding: quoted-printable

(2010/08/16 13:09), Urabe Shyouhei wrote:
> Hello all.  This is a new release for 1.8.7 series.
> 
> As Yugui posted earlier, there is a XSS vulnerability in WEBrick HTTP server.
>  Beware that, though we realized this issue only recently, the CVE-2010-0541
> has been disclosed for months without notifying us, so public WEBrick servers
> are already under a real threat of attacks.  Many thanks to Hideaki Yamane for
> letting us know it.
> 
> Anyway we have a fix for the issue now, and here are those applied for the
> 1.8.7 branch.  All WEBrick users are encouraged to upgrade.

Oops, there was a packaging mistake.  Please use this one instead:

ftp://ftp.ruby-lang.org/pub/ruby/1.8/ruby-1.8.7-p302.tar.gz
ftp://ftp.ruby-lang.org/pub/ruby/1.8/ruby-1.8.7-p302.tar.bz2
ftp://ftp.ruby-lang.org/pub/ruby/1.8/ruby-1.8.7-p302.zip

Checksum:

MD5(ruby-1.8.7-p302.tar.gz)= f446550dfde0d8162a6ed8d5a38b3ac2
SHA256(ruby-1.8.7-p302.tar.gz)= 5883df5204de70762602ce885b18c8bf6c856d33298c35df9151031b2ce044a1
SIZE(ruby-1.8.7-p302.tar.gz)= 4866763

MD5(ruby-1.8.7-p302.tar.bz2)= a6a9e37079ed8cf8726b455dad3de939
SHA256(ruby-1.8.7-p302.tar.bz2)= 3537cc81cc2378a2bc319cd16c4237ddee14a2839cfd1515b27dce108d061a68
SIZE(ruby-1.8.7-p302.tar.bz2)= 4184764

MD5(ruby-1.8.7-p302.zip)= 56cb754af4bbd5ec3bfbdb8af3ee72a7
SHA256(ruby-1.8.7-p302.zip)= f50d6ae1a7247674b6a07e54cbd6704a6951ba20277cd7dc23d1453ffe00fedb
SIZE(ruby-1.8.7-p302.zip)= 5965421

Sorry for your inconvenience.


--------------enigAC732C8AC34A8CF329744086
Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: OpenPGP digital signature
Content-Disposition: attachment; filename="signature.asc"

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (MingW32)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/

iEYEARECAAYFAkxo6z0ACgkQuTXPUnA5eMKVEwCeP2SBx8GcSJU5ADw79ywyOQgo
W+MAn1GShtRs+LjdHWrpmNctY1URQy+t
q7
-----END PGP SIGNATURE-----

--------------enigAC732C8AC34A8CF329744086--