[VIM] Ruby on Rails - incomplete fix for 1.1.5

Steven M. Christey coley at mitre.org
Mon Aug 14 16:25:06 EDT 2006


For those who split their entries based on versions and bug variants,
notice the following text from the announcement for Ruby on Rails
1.1.6:

  http://weblog.rubyonrails.org/2006/8/10/rails-1-1-6-backports-and-full-disclosure

  "Unfortunately, the 1.1.5 update from yesterday only partly closed
  the hole (getting rid of the worst data loss trigger). After
  learning more about the extent of the problem, we've now put
  together a 1.1.6 release that completely closes all elements of the
  hole (using the same technique as the backports above).

  So if you upgraded to 1.1.5 yesterday, you need to upgrade again."


So, 1.1.6 is the complete fix, and 1.1.5 only had a partial fix, as
originally reported in:

  http://weblog.rubyonrails.com/2006/8/9/rails-1-1-5-mandatory-security-patch-and-other-tidbits

Also, the Gentoo bug report states that at least one of the issues is
related to the handling of LOAD_PATH, and points to this comment on
the upgrade to 1.1.5:

  http://blog.koehntopp.de/archives/1367-Ruby-On-Rails-Mandatory-Mystery-Patch.html


- Steve

