Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Message-Id: <E3DB0344-D596-40A5-946F-A7B06D54A646@apple.com>
Date: Tue, 24 Jun 2008 12:02:20 -0700
From: Drew Yao <ayao@...le.com>
To: oss-security@...ts.openwall.com
Cc: Vendor-Sec Distribution Vendors <vendor-sec@....de>
Subject: Re: ruby regression (was: Re: [vendor-sec] Ruby memory corruption bugs in array and string handling)

> Where did you get 1.8.6p231? The latest I see is 1.8.6p230, which,
> according to upstream's advisory [1], fixes the security issues.

Sorry, I meant p230.


> However, the test suite ("make test" in the
> build dir) passes. It was my understanding that the test suite should
> fail, given my reading of the forum thread linked to by the blog post
> Drew mentioned above: http://www.ruby-forum.com/topic/157034


I think make test is not the same test suite they're talking about.


---
Drew Yao
Apple Product Security


>

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.