projects / buildroot.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: 3c8dc54) | patch
ruby: security bump to version 2.4.2
authorPeter Korsgaard <peter@korsgaard.com>
Sun, 12 Nov 2017 13:43:11 +0000 (14:43 +0100)
committerPeter Korsgaard <peter@korsgaard.com>
Sun, 12 Nov 2017 16:52:28 +0000 (17:52 +0100)
commitf2c353054111b0398399ba1933a47d34441c875e
treef31687b70464063b8bfd82bed292011418b7d85etree
parent3c8dc542936484cf94efd06d96161c8a04fb17a5commit | diff
ruby: security bump to version 2.4.2

Fixed the following security issues:

CVE-2017-0898: Buffer underrun vulnerability in Kernel.sprintf
CVE-2017-10784: Escape sequence injection vulnerability in the Basic
authentication of WEBrick
CVE-2017-14033: Buffer underrun vulnerability in OpenSSL ASN1 decode
CVE-2017-14064: Heap exposure in generating JSON

For more details, see the release notes:
https://www.ruby-lang.org/en/news/2017/09/14/ruby-2-4-2-released/

Drop now upstreamed rubygems patches and add hashes for the license files
while we're at it.

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
package/ruby/0001-rubygems-2612-ruby24.patch [deleted file] blob | history
package/ruby/0002-rubygems-2613-ruby24.patch [deleted file] blob | history
package/ruby/ruby.hash diff | blob | history
package/ruby/ruby.mk diff | blob | history