From: Urabe Shyouhei <shyouhei@...>
Date: 2010-08-16T16:39:43+09:00
Subject: Re: [ANN][Security] Ruby 1.8.7 patchlevel 301 released (CVE-2010-0541)

(2010/08/16 13:09), Urabe Shyouhei wrote:
> Hello all. This is a new release for 1.8.7 series.
>
> As Yugui posted earlier, there is a XSS vulnerability in WEBrick HTTP server.
> Beware that, though we realized this issue only recently, the CVE-2010-0541
> has been disclosed for months without notifying us, so public WEBrick servers
> are already under a real threat of attacks. Many thanks to Hideaki Yamane for
> letting us know it.
>
> Anyway we have a fix for the issue now, and here are those applied for the
> 1.8.7 branch. All WEBrick users are encouraged to upgrade.

Oops, there was a packaging mistake. Please use this one instead:

ftp://ftp.ruby-lang.org/pub/ruby/1.8/ruby-1.8.7-p302.tar.gz
ftp://ftp.ruby-lang.org/pub/ruby/1.8/ruby-1.8.7-p302.tar.bz2
ftp://ftp.ruby-lang.org/pub/ruby/1.8/ruby-1.8.7-p302.zip

Checksum:

MD5(ruby-1.8.7-p302.tar.gz)= f446550dfde0d8162a6ed8d5a38b3ac2
SHA256(ruby-1.8.7-p302.tar.gz)= 5883df5204de70762602ce885b18c8bf6c856d33298c35df9151031b2ce044a1
SIZE(ruby-1.8.7-p302.tar.gz)= 4866763

MD5(ruby-1.8.7-p302.tar.bz2)= a6a9e37079ed8cf8726b455dad3de939
SHA256(ruby-1.8.7-p302.tar.bz2)= 3537cc81cc2378a2bc319cd16c4237ddee14a2839cfd1515b27dce108d061a68
SIZE(ruby-1.8.7-p302.tar.bz2)= 4184764

MD5(ruby-1.8.7-p302.zip)= 56cb754af4bbd5ec3bfbdb8af3ee72a7
SHA256(ruby-1.8.7-p302.zip)= f50d6ae1a7247674b6a07e54cbd6704a6951ba20277cd7dc23d1453ffe00fedb
SIZE(ruby-1.8.7-p302.zip)= 5965421

Sorry for your inconvenience.