---
layout: page
title: December 2009 Archives
---

Ruby 1.8.7-p248 released

We now have a series of patches to fix various bugs against 1.8.7 so I (Urabe Shyouhei) decided to release them. Here they are.

And excuse me for the absence of a detailed release note... Please read the ChangeLog instead.

Posted by Urabe Shyouhei on 25 Dec 2009

Ruby 1.9.1-p376 is released

Ruby 1.9.1-p376 has just been released. This is a patch level release of Ruby 1.9.1 and includes the fix for CVE-2009-4124.

CVE-2009-4124

The previous release, Ruby 1.9.1-p243, has a security vulnerability that allows heap overflow. This vulnerability was found by Emmanouel Kellinis, KPMG London.

I recommend that all Ruby 1.9.1 users upgrade to p376. But the vulnerability does not affect the Ruby 1.8 series.

Posted by Yugui on 07 Dec 2009

Heap overflow in String

There is a heap overflow vulnerability in String#ljust, String#center and String#rjust. This has allowed an attacker to run arbitrary code in some rare cases.

Vulnerable versions

This vulnerability does not affect the Ruby 1.8 series.

Posted by Yugui on 07 Dec 2009

MountainWest RubyConf 2010

MountainWest RubyConf 2010 will be held March 11 and 12, 2010, in Salt Lake City, UT, USA.

http://mtnwestrubyconf.org

Talk proposals are being accepted right this very minute!

Submit yours here.

But don’t delay! The submission deadline is midnight (MST) on December 31st, 2009.

Posted by james on 03 Dec 2009