[Rubygems-developers] Need to release 0.9.1 due to security exploit
drbrain at segment7.net
Fri Jan 12 14:17:06 EST 2007
On Jan 12, 2007, at 10:59, Eric Hodel wrote:
> I've checked in fixes for an installation exploit found by Gavin
> Sinclair. Here's a draft email describing the exploit and how to
> fix RubyGems. I only supplied patches for the past two versions of
> RubyGems, since tattle says that's what everybody uses.
> b) Apply the following patch
> For RubyGems 0.9.0:
> For RubyGems 0.8.11:
Note: I didn't test either of these patches. The 0.9.0 patch applied
cleanly with offset. The 0.8.11 I had to do by hand.
If anybody still has a 0.8.11, please test this patch.
Eric Hodel - drbrain at segment7.net - http://blog.segment7.net
I LIT YOUR GEM ON FIRE!