oss-sec mailing list archives

Re: ruby regression (was: Re: [vendor-sec] Ruby memory corruption bugs in array and string handling)

From: Drew Yao <ayao () apple com>
Date: Tue, 24 Jun 2008 12:02:20 -0700

Where did you get 1.8.6p231? The latest I see is 1.8.6p230, which,
according to upstream's advisory [1], fixes the security issues.


Sorry, I meant p230.

However, the test suite ("make test" in the
build dir) passes. It was my understanding that the test suite should
fail, given my reading of the forum thread linked to by the blog post
Drew mentioned above: http://www.ruby-forum.com/topic/157034



I think make test is not the same test suite they're talking about.


---
Drew Yao
Apple Product Security

Current thread:

ruby regression (was: Re: [vendor-sec] Ruby memory corruption bugs in array and string handling) Jonathan Smith (Jun 24)
- Re: ruby regression (was: Re: [vendor-sec] Ruby memory corruption bugs in array and string handling) Drew Yao (Jun 24)