-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Hello all.

CVE-2012-4466 was reported against 1.8.7.  This is about $SAFE escaping, so
if you (or your using library) are a user of that feature, you are advised
to upgrade your 1.8.7 to the following one:

ftp://ftp.ruby-lang.org/pub/ruby/1.8/ruby-1.8.7-p371.tar.gz
ftp://ftp.ruby-lang.org/pub/ruby/1.8/ruby-1.8.7-p371.tar.bz2
ftp://ftp.ruby-lang.org/pub/ruby/1.8/ruby-1.8.7-p371.zip

Checksums:

MD5(ruby-1.8.7-p371.tar.gz)= 653f07bb45f03d0bf3910491288764df
SHA256(ruby-1.8.7-p371.tar.gz)= e60a322f8f2a616eba01651f5ab620e7e48e4f8adfe711aec61cc74a91d54d3c
SIZE(ruby-1.8.7-p371.tar.gz)= 4902800

MD5(ruby-1.8.7-p371.tar.bz2)= c27526b298659a186bdb5107fcec2341
SHA256(ruby-1.8.7-p371.tar.bz2)= 2dd0e463cd82039beb75c9b9f4ee20bef5f5b5ff68527008e5aee61cfb3b55e1
SIZE(ruby-1.8.7-p371.tar.bz2)= 4248262

MD5(ruby-1.8.7-p371.zip)= a1eec1c6611f2256be492b3002192cb4
SHA256(ruby-1.8.7-p371.zip)= d308ecc20619096276545a3eefee02873b883507e69d74bdefc5f8de47e1e3c2
SIZE(ruby-1.8.7-p371.zip)= 5999510

Thank you.  I think details about this CVE would also come shortly.

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://www.enigmail.net/

iQIcBAEBAgAGBQJQd75EAAoJEIG/BHYvGcFLEVAP/3w5aUeQTDSW2OC5BAeqsFt3
JRagEg5e7NKO/8Fh/xRjczPYcUS4som/GHQUvu2+EA9zgtlK3rjC5TR1WFioHKwl
z/4+drvav5HS+V8stMPfbxVe9w4GZ9iyPxIV+Ampmjwb23aZaPdp9A5NKqecjnGw
FO1+6I2YzKmTgbTxovpBiMRqUJ+IaJXg9oQwHGvbhCaD00baqQoOt4inaM4hajh6
WXoxnkDHnpMTdlyk7Ny2xR44U3eG4Qw2klXC6fsUDq2JZ1jGFtwh+ASvyfXcmMuk
8ogJQqCj9R0hJYH7QRRAPrr5yJergR/J6Y27sS+BhMQjNNTNqfF58QRl2ttOhYel
LZW3c7JElhJZAEgIFGN8/yxqY1XSCGY7oACLk7g+0GbT4MbWjYmmKeJwEw+gEyX1
ePdbipLHwOWTWn3TSylQYceDdNP61s8K7e3disiU8z/sCBuMDn9dQpkz6x1qD7bI
S1rVLtM6XYMtjHiJSP2QaKjYCflxsBab50EJlffMqgm6AvJwSrAZr95RZ6NuPIY6
TPokrRfg6J7EeOFTOggI2E8/wfVx3WTL3tqDZTfTanp3fsD3uAcaIJN1EuoprVY3
ST+SFfbuCW4SzYZz8gsjEJA1iUiH7UvZrKp8JoIr/zN/wvBr+WZ5FUc3rQT05ye0
XExmyzv0cq3daRqiq6P6
=duk5
-----END PGP SIGNATURE-----