I heard from a couple of sources about Ruby security concerns, quoting
from
http://www.rubyinside.com/june-2008-ruby-security-vulnerabilities-927.html:
The official Ruby blog is reporting “multiple vulnerabilities” in the
official Ruby interpreter (MRI). A significant number of versions are
affected:
* All versions prior to 1.8.5
* All 1.8.5 versions prior to patch 231
* All 1.8.6 versions prior to patch 230
* All 1.8.7 versions prior to patch 22
* All 1.9.0 versions prior to 1.9.0-2
I believe my Ruby is version 1.8.5.32-2, and 32-2 is the build #?
However, I have no idea what that means in terms of patch # as listed
above for say "All 1.8.5 versions prior to patch 231". Does anyone
know how to correlate the two?
Here's what I have tried based on suggestions...
Matthew Rudy Jacobs wrote:
> Michael Breen wrote:
>> You can run this from the command line to get the patch level: ruby -e
>> 'puts(RUBY_PATCHLEVEL)'
>>
>> Best.
>> Mike
>
Thanks Mike, actually I did try that already but got an error
C:\Documents and Settings\Bob>ruby -e 'puts(RUBY_PATCHLEVEL)'
-e:1: uninitialized constant RUBY_PATCHLEVEL (NameError)
Any other ideas? Much appreciated.
> that's true,
> but my understanding was that although my ubuntu ruby 1.8.6 says it's at
> patch level 111, it is in fact patched against the vulnerability
>
>
> https://bugs.launchpad.net/ubuntu/hardy/+source/ruby1.8/+bug/241657
>
> so, I believe I'm safe even though...
>
> matthew@ruBuntu:~$ ruby -e 'puts(RUBY_PATCHLEVEL)'
> 111
> matthew@ruBuntu:~$ ruby --version
> ruby 1.8.6 (2007-09-24 patchlevel 111) [i486-linux]
Michael Breen wrote:
> what about from irb? (I don't have windows so I can't test this for you)
>
> >> puts RUBY_PATCHLEVEL
> 111
> => nil
> >>
*Sigh* same result, unfortunately: uninitialized constant. Is Ruby on
Windows that different than Linux?
Any other ideas?
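
An added example, not part of the thread: one way to compare an interpreter against the affected-version list quoted at the top, including the case seen above where RUBY_PATCHLEVEL is not defined. The method names and status symbols are hypothetical; the thresholds are the ones from the quoted list.

```ruby
# Patch level at which each branch is no longer listed as affected
# (taken from the list quoted in the post above).
FIXED_PATCHLEVEL = { "1.8.5" => 231, "1.8.6" => 230, "1.8.7" => 22 }.freeze

# "1.8.6" -> [1, 8, 6]; extra components are dropped.
def version_triple(version)
  version.split(".").map { |part| part.to_i }.first(3)
end

# Returns :listed_as_affected, :at_or_above_fix, :unknown or :not_listed.
def classify(version, patchlevel)
  triple = version_triple(version)
  # "All versions prior to 1.8.5"
  return :listed_as_affected if (triple <=> [1, 8, 5]) < 0
  key = triple.join(".")
  # The 1.9.0 fix is named by release ("1.9.0-2"), not by patch level,
  # so it cannot be decided from these two values alone.
  return :unknown if key == "1.9.0"
  fixed = FIXED_PATCHLEVEL[key]
  return :not_listed if fixed.nil?
  # No patch level available (the NameError case in the thread).
  return :unknown if patchlevel.nil?
  patchlevel < fixed ? :listed_as_affected : :at_or_above_fix
end

# RUBY_PATCHLEVEL raises NameError where the build does not define it,
# so test for the constant before reading it.
def running_patchlevel
  defined?(RUBY_PATCHLEVEL) ? RUBY_PATCHLEVEL : nil
end

def report(version = RUBY_VERSION, patchlevel = running_patchlevel)
  status = classify(version, patchlevel)
  "ruby #{version} patchlevel #{patchlevel.inspect}: #{status}"
end

puts report if __FILE__ == $0
```

A :listed_as_affected result reflects only the upstream patch level; as the Ubuntu report linked in the thread shows, a distribution package can carry the fix without changing that number, so check the package changelog as well.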