FreshPorts -- www/rubygem-cgi_multipart_eof

Mon, 28 May 2012 1:01 AM BST

Port details

rubygem-cgi_multipart_eof_fix 2.5.0 www =0

Fix an exploitable bug in CGI multipart parsing
Maintained by: ruby@FreeBSD.org

Port Added: 08 Dec 2010 19:18:47
Also Listed In: rubygems
License: not specified in port

Fixes an exploitable bug in CGI multipart parsing which affects Ruby <= 1.8.5.
When multipart boundary attributes contain non-halting regular 
expression strings, the boundary searcher in the CGI module does not properly 
escape the parameter and will execute arbitrary regular expressions. 
This fix adds escaping for the user data.

    * Affected application servers: standalone CGI, Mongrel, WEBrick
    * Unaffected: FastCGI, Ruby 1.8.6 (all servers)
    * Unknown: mod_ruby

This fix will not modify versions of Ruby greater than 1.8.5, and is 
cumulative with previous CGI multipart vulnerability fixes. 

WWW: http://blog.evanweaver.com/pages/code#cgi_multipart_eof_fix

CVSWeb : Sources : Main Web Site : Distfiles Availability : PortsMon

NOTE: FreshPorts displays only required dependencies information. Optional dependencies are not covered.
Required To Build: devel/ruby-gems, lang/ruby18
Required To Run: devel/ruby-gems, lang/ruby18, lang/ruby18
There are no ports dependent upon this port

To install the port: cd /usr/ports/www/rubygem-cgi_multipart_eof_fix/ && make install clean
To add the package: pkg_add -r rubygem-cgi_multipart_eof_fix

Configuration Options

     No options to configure

Master Sites:: http://production.s3.rubygems.org/gems/; http://production.cf.rubygems.org/gems/; ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/distfiles/rubygem/

Number of commits found: 2

Commit History - (may be incomplete: see CVSWeb link above for full details)
Date	By	Description
09 Dec 2010 02:31:11 2.5.0	pgollucci	- pkg-desc WWW updates
08 Dec 2010 19:18:29 2.5.0	pgollucci	Fixes an exploitable bug in CGI multipart parsing which affects Ruby <= 1.8.5. When multipart boundary attributes contain non-halting regular expression strings, the boundary searcher in the CGI module does not properly escape the parameter and will execute arbitrary regular expressions. This fix adds escaping for the user data. * Affected application servers: standalone CGI, Mongrel, WEBrick * Unaffected: FastCGI, Ruby 1.8.6 (all servers) * Unknown: mod_ruby This fix will not modify versions of Ruby greater than 1.8.5, and is cumulative with previous CGI multipart vulnerability fixes. WWW: http://blog.evanweaver.com/#cgi_multipart_eof_fix

Number of commits found: 2

Login

User Login
Create account

Servers and bandwidth provided by
New York Internet
SuperNews

Search

more...

Latest Vulnerabilities

haproxy	May 24
foswiki	May 21
inspircd^*	May 21
inspircd12^*	May 21
sympa	May 21
sympa5	May 21
libxml2	May 18
pidgin-otr	May 16
sudo	May 16
chromium	May 15
chromium	May 15
pivotx^*	May 14
socat	May 14
libpurple	May 12
php5	May 12

12 vulnerabilities affecting 17 ports have been reported in the past 14 days

^* - modified, not new

All vulnerabilities

Ports

Home
Categories
Deleted ports
Sanity Test Failures
Newsfeeds

Statistics

Graphs
NEW Graphs (Javascript)
Traffic

Calculated hourly:

Port count	23676
Broken	193
Deprecated	147
Ignore	737
Forbidden	3
Restricted	328
No CDROM	110
Vulnerable	0
Expired	44
Set to expire	188
Interactive	54
new 24 hours	4
new 48 hours	6
new 7 days	60
new fortnight	184
new month	253

This site

What is FreshPorts?
About the Authors
FAQ
How big is it?
The latest upgrade!
Privacy
Forums
Blog
Contact

Servers and bandwidth provided by
New York Internet
SuperNews