On 19-FEB I saw in the daily logs: Checking for packages with security vulnerabilities: Database fetched: Mon Feb 18 03:02:54 GMT 2013 ruby-1.8.7.371,1 is vulnerable: Ruby -- XSS exploit of RDoc documentation generated by rdoc
WWW: http://portaudit.FreeBSD.org/d3e96508-056b-4259-88ad-50dc8d1978a6.html ruby-1.8.7.371,1 is vulnerable: Ruby -- Denial of Service and Unsafe Object Creation Vulnerability in JSON WWW: http://portaudit.FreeBSD.org/c79eb109-a754-45d7-b552-a42099eb2265.html But there is nothing in UPDATING, and now this warning has gone, while the port has not been updated: $ pkg version -vX ruby ruby-1.8.7.371,1 = up-to-date with port So is this port vulnerable or not? If yet, should I switch to lang/ruby19? If not, was this some false positive, corrected later? Thanks Anton _______________________________________________ freebsd-ports@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-ports To unsubscribe, send any mail to "freebsd-ports-unsubscr...@freebsd.org"
