oss-sec mailing list archives
Re: ruby regression (was: Re: [vendor-sec] Ruby memory corruption bugs in array and string handling)
From: Drew Yao <ayao () apple com>
Date: Tue, 24 Jun 2008 12:02:20 -0700
Where did you get 1.8.6p231? The latest I see is 1.8.6p230, which, according to upstream's advisory [1], fixes the security issues.
Sorry, I meant p230.
However, the test suite ("make test" in the build dir) passes. It was my understanding that the test suite should fail, given my reading of the forum thread linked to by the blog post Drew mentioned above: http://www.ruby-forum.com/topic/157034
I think make test is not the same test suite they're talking about. --- Drew Yao Apple Product Security
Current thread:
- ruby regression (was: Re: [vendor-sec] Ruby memory corruption bugs in array and string handling) Jonathan Smith (Jun 24)
- Re: ruby regression (was: Re: [vendor-sec] Ruby memory corruption bugs in array and string handling) Drew Yao (Jun 24)