On Mon, 23 Jun 2008 22:38:40 +0900
Hongli L. firstname.lastname@example.org mentioned:
> Now that you mention it, Keita Y. sent me an eval.c security
> patch a while back. Upon closer inspection it seems that this patch is
> not included in the FreeBSD patch set, and neither is bignum.c.

eval.c doesn’t pose a security fix as safe_level isn’t secure by design.
It’s just a couple of checks around some functions, nothing more. The
adds another one in eval.c

bignum.c fixes an integer overflow at some operations - this can’t cause
security problems as far as I could see. It's worth applying, though, thanks for

The webrick patches aren't relevant to FreeBSD in any way, since they fix
well-known security holes in webrick on Windows. These holes were
worked out a while ago (in fact several months or so).