ruby 1.8.6 p230 - really a fix?

[Michal Suchanek]

Hello

reading http://www.rubyinside.com/june-2008-ruby-security-vulnerabilities-927.html
I find the current state somewhat unsettling. I have not hit the
problem myself so I can only rely on the comments there. These seem to
indicate that the p230 does not really resolve the issue, only changes
a hang into a crash or something like that.

I would appreciate if somebody could shed some light on this issue.

Thanks

Michal

 

[Maga]

[Note: parts of this message were removed to make it a legal post.]

unsubscribe

 

[sumayah hameed]

unsubscribe

 

[Greg Donald]

reading http://www.rubyinside.com/june-2008-ruby-security-vulnerabilities-927.html
I find the current state somewhat unsettling. I have not hit the
problem myself so I can only rely on the comments there. These seem to
indicate that the p230 does not really resolve the issue, only changes
a hang into a crash or something like that.

I would appreciate if somebody could shed some light on this issue.

Geez. I've spent my last two evenings trying to figure out why I
can't upgrade, only to find it may be pointless to upgrade?

http://groups.google.com/group/rubyonrails-talk/browse_thread/thread/37411a24c95aab11?hl=en

http://groups.google.com/group/rubyonrails-talk/browse_thread/thread/9b9cbc2122981ac1?hl=en

 

[SurviveStyle5]

It kind of looks like alot of rails things are broken via this ruby
update, There are reports out there from varying people claiming that
older or newer versions of ruby/rails combination will work. I'm kind
of waiting for Rails Core to post something or a fix soon until then
if you are feeling frisky read the zed shaw analysis on the exploit
found here... http://www.zedshaw.com/rants/the_big_ruby_vulnerabilities.html
and start trying to work through the seg faults.