projects / buildroot.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: 097ce6b) | patch
package/ruby: security bump to version 2.4.6
authorPeter Korsgaard <peter@korsgaard.com>
Tue, 16 Apr 2019 21:33:40 +0000 (23:33 +0200)
committerThomas Petazzoni <thomas.petazzoni@bootlin.com>
Wed, 17 Apr 2019 06:42:12 +0000 (08:42 +0200)
commit900982313786d3537417f18251732ab7dca95553
tree96ff43a64c2bdd48ae9828c0a169e08e21b6cf37tree
parent097ce6b3a83ac4c4e89d61ef439caee1a1368f32commit | diff
package/ruby: security bump to version 2.4.6

Fixes the following security issues:

- CVE-2019-8320: Delete directory using symlink when decompressing tar
- CVE-2019-8321: Escape sequence injection vulnerability in verbose
- CVE-2019-8322: Escape sequence injection vulnerability in gem owner
- CVE-2019-8323: Escape sequence injection vulnerability in API response handling
- CVE-2019-8324: Installing a malicious gem may lead to arbitrary code execution
- CVE-2019-8325: Escape sequence injection vulnerability in errors

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
package/ruby/ruby.hash diff | blob | history
package/ruby/ruby.mk diff | blob | history