Account Options

  1. Sign in
The old Google Groups will be going away soon, but your browser is incompatible with the new version.
Google Groups Home
« Groups Home
Ruby Enterprise Edition
Home
+ new post
About this group
Join this group
Ruby-ee Hash Algorithm Vulnerability
Options
There are currently too many topics in this group that display first. To make this topic appear first, remove this option from another topic.
There was an error processing your request. Please try again.
flag
   4 messages - Collapse all  -  Translate all to Translated (View all originals)
The group you are posting to is a Usenet group. Messages posted to this group will make your email address visible to anyone on the Internet.
Your reply message has not been sent.
Your post was successful
 
From:
To:
Cc:
Followup To:
Add Cc | Add Followup-to | Edit Subject
Subject:
Validation:
For verification purposes please type the characters you see in the picture below or the numbers you hear by clicking the accessibility icon. Listen and type the numbers you hear
 
michael  
View profile  
 More options Dec 29 2011, 10:58 am
From: michael <mpchl...@gmail.com>
Date: Thu, 29 Dec 2011 07:58:50 -0800 (PST)
Local: Thurs, Dec 29 2011 10:58 am
Subject: Ruby-ee Hash Algorithm Vulnerability
Print | Individual message | Show original | Report this message | Find messages by this author
I assume that the latest version of Ruby-EE is vulnerable to the
latest Hash Algorithm DoS attack:
http://www.ruby-lang.org/en/news/2011/12/28/denial-of-service-attack-...

Can someone confirm that this is the case, and possible know when this
will be patched/fixed?

Thank you


 
You must Sign in before you can post messages.
To post a message you must first join this group.
Please update your nickname on the subscription settings page before posting.
You do not have the permission required to post.
Hongli Lai  
View profile  
 More options Dec 30 2011, 12:46 pm
From: Hongli Lai <hon...@phusion.nl>
Date: Fri, 30 Dec 2011 18:46:02 +0100
Local: Fri, Dec 30 2011 12:46 pm
Subject: Re: Ruby-ee Hash Algorithm Vulnerability
Print | Individual message | Show original | Report this message | Find messages by this author

On Thu, Dec 29, 2011 at 4:58 PM, michael <mpchl...@gmail.com> wrote:
> I assume that the latest version of Ruby-EE is vulnerable to the
> latest Hash Algorithm DoS attack:
> http://www.ruby-lang.org/en/news/2011/12/28/denial-of-service-attack-...

> Can someone confirm that this is the case, and possible know when this
> will be patched/fixed?

It has been patched as of today. The announcement hasn't been written
yet, but the files can already be obtained at
www.rubyenterpriseedition.com.

--
Phusion | Ruby & Rails deployment, scaling and tuning solutions

Web: http://www.phusion.nl/
E-mail: i...@phusion.nl
Chamber of commerce no: 08173483 (The Netherlands)


 
You must Sign in before you can post messages.
To post a message you must first join this group.
Please update your nickname on the subscription settings page before posting.
You do not have the permission required to post.
Michael Chletsos  
View profile  
 More options Dec 30 2011, 12:49 pm
From: Michael Chletsos <mpchl...@gmail.com>
Date: Fri, 30 Dec 2011 07:49:11 -1000
Local: Fri, Dec 30 2011 12:49 pm
Subject: Re: Ruby-ee Hash Algorithm Vulnerability
Print | Individual message | Show original | Report this message | Find messages by this author
Thank you!!!


 
You must Sign in before you can post messages.
To post a message you must first join this group.
Please update your nickname on the subscription settings page before posting.
You do not have the permission required to post.
brian  
View profile  
 More options Jan 3 2012, 2:48 pm
From: brian <briankierst...@gmail.com>
Date: Tue, 3 Jan 2012 11:48:20 -0800 (PST)
Local: Tues, Jan 3 2012 2:48 pm
Subject: Re: Ruby-ee Hash Algorithm Vulnerability
Print | Individual message | Show original | Report this message | Find messages by this author
I'm trying to find a patch for 2009.10 - anyone have that?  I tried
using this: https://gist.github.com/1535569 which is for 2011.03 and
does not compile.

Any help is greatly appreciated!

Thanks,
Brian

On Dec 30 2011, 12:49 pm, Michael Chletsos <mpchl...@gmail.com> wrote:


 
You must Sign in before you can post messages.
To post a message you must first join this group.
Please update your nickname on the subscription settings page before posting.
You do not have the permission required to post.
End of messages
« Back to Discussions « Newer topic     Older topic »

Create a group - Google Groups - Google Home - Terms of Service - Privacy Policy
©2013 Google