Forum: Italian Ruby user group vulnerability in psych

gabriele renzi (Guest)
on 2014-04-04 09:04
(Received via mailing list)
I got a precautionary warning from Heroku, but maybe not all of you
have stuff there :)

https://www.ruby-lang.org/en/news/2014/03/29/heap-...




twitter: @riffraff
blog (en, it): www.riffraff.info
work: circleme.com
Daniele Palombo (Guest)
on 2014-04-04 10:01
(Received via mailing list)
Your link gave me a Not Found, so I'm reposting the correct one:

https://www.ruby-lang.org/en/news/2014/03/29/heap-...

Daniele.


Paolo Perego (Guest)
on 2014-04-04 10:25
(Received via mailing list)
Just released dawn 1.1.0, which also has the check for that
vulnerability: https://rubygems.org/gems/codesake-dawn/versions/1.1.0




--
$ cd /pub
$ more beer

The Application Security blog you really want to read:
http://armoredcode.com
Fabrizio Regini (freegenie)
on 2014-04-04 14:27
(Received via mailing list)
As far as I understand, the only way to cover yourself is to install ruby
with libyaml 0.1.6.

On the site the download still shows 0.1.5, while the source is here:

https://bitbucket.org/xi/libyaml/commits/all

Right?
Paolo P. (paolo_p)
on 2014-04-04 14:32
(Received via mailing list)
No, actually you can use https://rubygems.org/gems/psych version 2.0.5,
which is linked with a safe version of libyaml

Paolo




--
$ cd /pub
$ more beer

The Application Security blog you really want to read:
http://armoredcode.com
Fabrizio Regini (freegenie)
on 2014-04-04 14:43
(Received via mailing list)
On Debian testing, if you have libyaml installed, even when you install the
psych 2.0.5 gem it gets linked against libyaml version 0.1.4.

$  dpkg -l | grep libyaml
ii  libyaml-0-2:amd64     0.1.4-3.2   amd64   Fast YAML 1.1 parser and emitter library
ii  libyaml-snake-java    1.12-2      all     YAML parser and emitter for the Java programming language
$  gem list | grep psy
psych (2.0.5)
$  ruby -v
ruby 1.9.3p545 (2014-02-24 revision 45159) [x86_64-linux]
$  ruby -rpsych -e 'p Psych.libyaml_version'
[0, 1, 4]

On Ubuntu precise, however, this doesn't happen. One small difference: on
Ubuntu I have rbenv and locally rvm. Could it depend on that?
gabriele renzi (Guest)
on 2014-04-07 00:00
(Received via mailing list)
rvm installs its own libyaml in ~/.rvm/usr/lib (I have it there); I'd
expect rbenv not to, but I couldn't tell you whether that's your case.

(Thanks Daniele for the fixed link, two signature dashes had ended up in
it, who knows)





--
twitter: @riffraff
blog (en, it): www.riffraff.info
work: circleme.com
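
The thread leaves open which libyaml a given Ruby's psych is actually using and whether it comes from rvm's ~/.rvm/usr/lib or from the system package; the check below reports both for the interpreter that runs it. It is an added example, not code from any poster: the 0.1.6 threshold is the version named in the thread, the helper names and the sample maps text are constructed, and the path lookup assumes Linux /proc.

```ruby
require 'psych'

# Assumption: 0.1.6 is the fixed libyaml release, as stated in the thread.
PATCHED_LIBYAML = [0, 1, 6].freeze

# Constructed /proc/<pid>/maps excerpt (not real output) for offline testing.
SAMPLE_MAPS = <<MAPS
7f3a1c000000-7f3a1c01e000 r-xp 00000000 08:01 1311   /home/user/.rvm/usr/lib/libyaml-0.so.2.0.2
7f3a1c01e000-7f3a1c21d000 ---p 0001e000 08:01 1311   /home/user/.rvm/usr/lib/libyaml-0.so.2.0.2
7f3a1c400000-7f3a1c420000 r-xp 00000000 08:01 2222   /usr/lib/ruby/1.9.1/x86_64-linux/psych.so
7f3a1c600000-7f3a1c621000 rw-p 00000000 00:00 0
MAPS

# True when a [major, minor, patch] triple, as returned by
# Psych.libyaml_version, is at or above the fixed release.
def libyaml_patched?(version)
  (version <=> PATCHED_LIBYAML) >= 0
end

# Distinct paths of libyaml shared objects named in maps text.
# The path is the sixth whitespace-separated field; anonymous mappings have none.
def libyaml_paths(maps_text)
  maps_text.each_line
           .map { |line| line.split(' ', 6)[5].to_s.strip }
           .select { |path| File.basename(path).start_with?('libyaml') }
           .uniq
end

# Summarise what the running interpreter's psych is using.
def libyaml_report(version = Psych.libyaml_version, maps_path = '/proc/self/maps')
  maps = File.readable?(maps_path) ? File.read(maps_path) : ''
  { :psych => Psych::VERSION,
    :libyaml => version.join('.'),
    :patched => libyaml_patched?(version),
    :loaded_from => libyaml_paths(maps) }
end

if $PROGRAM_NAME == __FILE__
  r = libyaml_report
  puts "psych #{r[:psych]} with libyaml #{r[:libyaml]}: #{r[:patched] ? 'ok' : 'needs update'}"
  # An empty list means no separate libyaml .so is mapped (statically linked, or no /proc).
  puts "libyaml loaded from: #{r[:loaded_from].inspect}"
end
```

Run it once under each rvm or rbenv Ruby, since each interpreter can resolve a different libyaml.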