Forum Thread: PSI database fix: Cygwin ruby.exe is not Rubyforge's ruby.exe

This thread has been marked as locked.
ordinant PSI database fix: Cygwin ruby.exe is not Rubyforge's ruby.exe
Member 19th Mar, 2011 03:45
Ranking: 0
Posts: 3
User Since: 19th Mar, 2011
System Score: N/A
Location: US
Last edited on 19th Mar, 2011 18:45

PSI is flagging the ruby.exe provided as part of the Cygwin package as insecure, but then provides a link to download a different Ruby installer from

Please update your database to distinguish between Cygwin's ruby.exe and's ruby.exe. Cygwin users can only get updates from Cygwin, and if the Cygwin project does not yet offer a newer Ruby version, we just have to wait.

Actually, the PSI database should check the path of all executables it detects. If the path begins with [driveletter]:\Cygwin\bin, then send the user to to obtain updates, despite whatever other update URLs your database might currently think are appropriate.
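
The path check proposed in the post above, sketched as an added example (not part of the original post and not Secunia's code). The function names are hypothetical, the source labels are placeholders because the thread's update URLs are not shown, and the sample paths are constructed; the normalization step is there because a plain prefix comparison misroutes paths containing `..`, forward slashes, or a sibling directory such as `binaries`.

```python
import ntpath
import re

# Placeholder labels (assumption): the real update URLs are not shown in the thread.
CYGWIN_SOURCE = "cygwin-package-updates"
DEFAULT_SOURCE = "database-default-link"

# "[driveletter]:\Cygwin\bin" followed by a separator, so "C:\Cygwin\binaries"
# is not treated as the Cygwin bin directory. Windows paths are case-insensitive.
_CYGWIN_BIN = re.compile(r"^[a-z]:\\cygwin\\bin\\", re.IGNORECASE)


def update_source(exe_path: str) -> str:
    """Return which update source a detected executable should be routed to."""
    # ntpath applies Windows path rules on any OS: it converts "/" to "\",
    # collapses duplicate separators and resolves "." and ".." segments.
    normalized = ntpath.normpath(exe_path.strip())
    if _CYGWIN_BIN.match(normalized):
        return CYGWIN_SOURCE
    return DEFAULT_SOURCE


def route_detections(paths):
    """Map each detected path to its update source, preserving input order."""
    return {p: update_source(p) for p in paths}


# Constructed sample detections, not taken from a real scan.
SAMPLE_DETECTIONS = [
    r"C:\Cygwin\bin\ruby.exe",                  # Cygwin-packaged ruby
    r"d:/cygwin/bin/ruby.exe",                  # other drive, forward slashes
    r"C:\Ruby192\bin\ruby.exe",                 # standalone Windows installer
    r"C:\Cygwin\binaries\ruby.exe",             # prefix lookalike
    r"C:\Cygwin\bin\..\..\Ruby192\bin\ruby.exe",  # escapes the Cygwin tree
]

if __name__ == "__main__":
    for path, source in route_detections(SAMPLE_DETECTIONS).items():
        print(f"{source:24} {path}")
```
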

Anthony Wells RE: PSI database fix: Cygwin ruby.exe is not Rubyforge's ruby.exe
Expert Contributor 20th Mar, 2011 14:00
Score: 2542
Posts: 3,402
User Since: 19th Dec 2007
System Score: N/A
Location: N/A
Last edited on 20th Mar, 2011 14:08
Hi ,

Secunia support are quite busy at the moment, but even so do not work weekends on the PSI.

The PSI reports on insecure programmes, apps, etc., and seeks and reports the insecurities, e.g. a .dll or an .exe file, wherever it can find/see/get its hands on it; in this case the ruby.exe file is what it seeks, so whether it is possible to fine-tune the detection higher up the detected instance pathway is perhaps not so easy. Embedded "insecure" apps are considered the problem of the covering programme vendor; rather as you have remarked, but give the known update link to the insecurity, not to the vendor.

If a Secunia official does not pick up your thread early next week you may wish to contact them by email at .

If not having a 100% PSI score is of concern, you can set an ignore rule for the "detected instance" while you wait for Cygwin to rectify the problem. Setting an ignore rule in the PSI version 2.0.x means the programme is neither scanned nor displayed.

Open the/any programme with the [+] to the lhs of the entry and there are two yellow(ish) folder icons to the left of the detected instance(s); the one with the red blob is used to set the ignore rule (it's in the Toolbox in PSI version 1.5.x).

Take care



It always seems impossible until it's done.
Nelson Mandela