ruby-list

(2010/08/16 13:09), Urabe Shyouhei wrote:
> Hello all.  This is a new release for 1.8.7 series.
>=20
> As Yugui posted earlier, there is a XSS vulnerability in WEBrick HTTP s=
erver.
>  Beware that, though we realized this issue only recently, the CVE-2010=
-0541
> has been disclosed for months without notifying us, so public WEBrick s=
ervers
> are already under a real threat of attacks.  Many thanks to Hideaki Yam=
ane for
> letting us know it.
>=20
> Anyway we have a fix for the issue now, and here are those applied for =
the
> 1.8.7 branch.  All WEBrick users are encouraged to upgrade.

Oops, there was a packaging mistake.  Please use this one instead:

ftp://ftp.ruby-lang.org/pub/ruby/1.8/ruby-1.8.7-p302.tar.gz
ftp://ftp.ruby-lang.org/pub/ruby/1.8/ruby-1.8.7-p302.tar.bz2
ftp://ftp.ruby-lang.org/pub/ruby/1.8/ruby-1.8.7-p302.zip

Checksum:

MD5(ruby-1.8.7-p302.tar.gz)=3D f446550dfde0d8162a6ed8d5a38b3ac2
SHA256(ruby-1.8.7-p302.tar.gz)=3D 5883df5204de70762602ce885b18c8bf6c856d3=
3298c35df9151031b2ce044a1
SIZE(ruby-1.8.7-p302.tar.gz)=3D 4866763

MD5(ruby-1.8.7-p302.tar.bz2)=3D a6a9e37079ed8cf8726b455dad3de939
SHA256(ruby-1.8.7-p302.tar.bz2)=3D 3537cc81cc2378a2bc319cd16c4237ddee14a2=
839cfd1515b27dce108d061a68
SIZE(ruby-1.8.7-p302.tar.bz2)=3D 4184764

MD5(ruby-1.8.7-p302.zip)=3D 56cb754af4bbd5ec3bfbdb8af3ee72a7
SHA256(ruby-1.8.7-p302.zip)=3D f50d6ae1a7247674b6a07e54cbd6704a6951ba2027=
7cd7dc23d1453ffe00fedb
SIZE(ruby-1.8.7-p302.zip)=3D 5965421

Sorry for your inconvenience.

Attachments (1)

signature.asc (260 Bytes, application/pgp-signature)

Thread

Prev Next

In This Thread

Prev Next

[#47278] RejectKaigi 2010 開催のお知らせ [ 8月29日（日）] — "KOSHIBA Toshiaki(so-net)" <koshiba@...8.so-net.ne.jp>

[#47279] RubyKaigi2010 LTでのMacBook用モニタアダプターを貸していただける人を募集しています. — Sora Harakami <sora134@...>

[#47282] [ANN] RubyKaigi 2010 併催 キーサインパーティーのおさそい — Urabe Shyouhei <shyouhei@...>

[#47283] [ANN] RubyKaigi 2010 『MSWin32版Ruby野良ビルダー養成塾』 宣伝 — arton <artonx@...>

[#47284] Ruby committers Q&A at RubyKaigi — Shugo Maeda <shugo@...>

[#47285] make install後、config.hの置き場所について — Moru <lateau@...>

[#47288] [ANN] RubyConf 2010 の情報共有ML — Kakutani Shintaro <shintaro@...>

[#47290] 改行やタグを含むデータをmysqlでinsertするには — Yosuke Suzuki <yosuke.suzuki@...>

[#47298] スキップリストをリリースしました — "KISHIMOTO, Makoto" <ksmakoto@...4u.or.jp>

[#47299] Re: 改行やタグを含むデータをmysqlでinsertするには +追加 XMLの操作 — Yosuke Suzuki <yosuke.suzuki@...>

[#47300] [ANN] Ruby 1.9.1-p430 is out — "Yuki Sonoda (Yugui)" <yugui@...>

[#47301] [ANN][Security] Ruby 1.8.7 patchlevel 301 released (CVE-2010-0541) — Urabe Shyouhei <shyouhei@...>

[#47303] マッチしない正規表現「.*?」が遅い? — SATOH Fumiyasu <fumiyas@...>

[#47306] to_i — Mitsuyoshi Kawabata <kawabata@...>

[#47314] ruby on github and NonComitterHowto — masayoshi takahashi <maki@...>

[#47316] 拡張ライブラリ作成時のrb_gc_mark()の呼び出し方について — tueda <tueda@...>

[#47321] [ANN] Ruby 1.9.2リリース — "Yuki Sonoda (Yugui)" <yugui@...>

[#47323] 無欲マッチの使い方 — AOKI Yoshihiro <aoki@...>

[#47330] ftpファイル再配置のお願い — Tadashi Saito <shiba@...2.accsnet.ne.jp>

[#47331] 入れ子ブレースのマッチング — AOKI Yoshihiro <aoki@...>

[#47335] [ANN] rcairo 1.8.3 — Kouhei Sutou <kou@...>

[#47338] [ANN]hikidoc-0.0.5 — kimura wataru <kimuraw@...>

[#47339] [ANN] rcairo 1.8.5 — Kouhei Sutou <kou@...>

[#47340] GAEについて — "T.Soejima" <clev@...2.so-net.ne.jp>

[#47342] [ANN] rroonga 1.0.0 — Kouhei Sutou <kou@...>

[#47343] [ANN]MiyakoLauncherLite2.0.0 — cyross@...

[#47345] 「Rubyリファレンスマニュアル刷新計画」2010-08分のスナップショットリリース — okkez <okkez000@...>

[#47347] [ANN]Miyako2.1.16&MiyakoPack2.1.16リリース — cyross@...

[#47360] Ruby'sライセンスの、BSDLとのデュアルライセンスへの変更 — "NARUSE, Yui" <naruse@...>

[ruby-list:47302] Re: [ANN][Security] Ruby 1.8.7 patchlevel 301 released (CVE-2010-0541)

Attachments (1)

Thread

In This Thread

[#47282] [ANN] RubyKaigi 2010 併催キーサインパーティーのおさそい — Urabe Shyouhei <shyouhei@...>

[#47283] [ANN] RubyKaigi 2010 『MSWin32版Ruby野良ビルダー養成塾』宣伝 — arton <artonx@...>

[#47299] Re: 改行やタグを含むデータをmysqlでinsertするには　+追加 XMLの操作 — Yosuke Suzuki <yosuke.suzuki@...>