Please read this before reporting a bug:
https://wiki.archlinux.org/title/Bug_reporting_guidelines
Do NOT report bugs when a package is just outdated, or it is in the AUR. Use the 'flag out of date' link on the package page, or the Mailing List.
REPEAT: Do NOT report bugs for outdated packages!
FS#39797 - ruby pkg contains outdated openssl library
Attached to Project:
Arch Linux
Opened by Jonathan Frazier (wide-eye) - Thursday, 10 April 2014, 06:54 GMT
Last edited by Jan de Groot (JGC) - Thursday, 10 April 2014, 09:07 GMT
Details
the ruby package appears to contain an exploitable openssl.

strings /usr/lib/ruby/2.1.0/x86_64-linux/openssl.so | grep OpenSSL
...
OpenSSL 1.0.1f 6 Jan 2014
Closed by Jan de Groot (JGC)
Thursday, 10 April 2014, 09:07 GMT
Reason for closing: Not a bug
Additional comments about closing: false alarm, they store the version string from build time. https://github.com/ruby/ruby/blob/trunk/ext/openssl/ossl.c#L1084
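Added example (not part of the ticket or of Ruby's source): the string that strings finds in openssl.so is the build-time value, which Ruby exposes as OpenSSL::OPENSSL_VERSION, while OpenSSL::OPENSSL_LIBRARY_VERSION reports the library actually loaded at run time. The helper names below and the 1.0.1g sample string are constructed for illustration.

```ruby
# Compare the OpenSSL version Ruby's extension was built against with the
# version of the shared library it is running with right now.
OSSL_VERSION_RE =
  /\A(?<name>\w+) (?<num>\d+(?:\.\d+)+)(?<patch>[a-z]*)(?<tag>-\S+)?\s+(?<date>.+)\z/

# Parse a string such as "OpenSSL 1.0.1f 6 Jan 2014" into comparable parts.
# Returns nil when the string does not look like an OpenSSL version banner.
def parse_openssl_version(str)
  m = OSSL_VERSION_RE.match(str.to_s.strip)
  return nil unless m
  { name: m[:name], numbers: m[:num].split(".").map(&:to_i),
    patch: m[:patch], date: m[:date] }
end

# Classify the runtime library relative to the build-time headers.
# The runtime value is the one that matters when judging exposure.
def build_vs_runtime(build_str, runtime_str)
  build = parse_openssl_version(build_str)
  runtime = parse_openssl_version(runtime_str)
  return :unparsed unless build && runtime
  return :different_library unless build[:name] == runtime[:name]
  cmp = (runtime[:numbers] <=> build[:numbers]).nonzero? ||
        (runtime[:patch] <=> build[:patch])
  { -1 => :runtime_older, 0 => :same, 1 => :runtime_newer }[cmp]
end

# Read both values from the running interpreter; nil if the extension is absent.
def live_versions
  require "openssl"
  { build: OpenSSL::OPENSSL_VERSION, runtime: OpenSSL::OPENSSL_LIBRARY_VERSION }
rescue LoadError
  nil
end

# Constructed sample: build string as quoted in the ticket, runtime string
# standing in for a system whose libssl was upgraded after Ruby was built.
SAMPLE_BUILD   = "OpenSSL 1.0.1f 6 Jan 2014"
SAMPLE_RUNTIME = "OpenSSL 1.0.1g 7 Apr 2014"
puts "sample verdict: #{build_vs_runtime(SAMPLE_BUILD, SAMPLE_RUNTIME)}"

if (live = live_versions)
  puts "built against:  #{live[:build]}"
  puts "loaded now:     #{live[:runtime]}"
  puts "live verdict:   #{build_vs_runtime(live[:build], live[:runtime])}"
end
```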