[VIM] Ruby on Rails - incomplete fix for 1.1.5
Steven M. Christey
coley at mitre.org
Mon Aug 14 16:25:06 EDT 2006
For those who split their entries based on versions and bug variants,
notice the following text from the announcement for Ruby on Rails
1.1.6:
http://weblog.rubyonrails.org/2006/8/10/rails-1-1-6-backports-and-full-disclosure
"Unfortunately, the 1.1.5 update from yesterday only partly closed
the hole (getting rid of the worst data loss trigger). After
learning more about the extent of the problem, we've now put
together a 1.1.6 release that completely closes all elements of the
hole (using the same technique as the backports above).
So if you upgraded to 1.1.5 yesterday, you need to upgrade again."
So, 1.1.6 is the complete fix, and 1.1.5 only had a partial fix, as
originally reported in:
http://weblog.rubyonrails.com/2006/8/9/rails-1-1-5-mandatory-security-patch-and-other-tidbits
Also, the Gentoo bug report states that at least one of the issues is
related to the handling of LOAD_PATH, and points to this comment on
the upgrade to 1.1.5:
http://blog.koehntopp.de/archives/1367-Ruby-On-Rails-Mandatory-Mystery-Patch.html
- Steve