CaROS/poky
3
1
Fork 0
mirror of https://git.yoctoproject.org/git/poky synced 2026-01-01 13:58:04 +00:00
Code Issues Packages Projects Releases Wiki Activity
a9f439367d
poky/meta/recipes-devtools/ruby
History
Armin Kuster c323026d9c ruby: update to 2.4.3 
This fixes a segfault in arm64 multilib.

Drop CVE-2017-14064.patch

Additional CVE included are 2.4.3:
CVE-2017-17405: Command injection vulnerability in Net::FTP

Additional CVE included are 2.4.2:
CVE-2017-0898: Buffer underrun vulnerability in Kernel.sprintf
CVE-2017-10784: Escape sequence injection vulnerability in the Basic authentication of WEBrick
CVE-2017-14033: Buffer underrun vulnerability in OpenSSL ASN1 decode
CVE-2017-14064: Heap exposure in generating JSON

Ruby Gems:
DNS request hijacking vulnerability. (CVE-2017-0902)
ANSI escape sequence vulnerability. (CVE-2017-0899)
DoS vulnerability in the query command. (CVE-2017-0900)
vulnerability in the gem installer that allowed a malicious gem to overwrite arbitrary files. (CVE-2017-0901)

(From OE-Core rev: 5bf664ba85c06d17c6e8c200301e42bc5fdab75e)

Signed-off-by: Armin Kuster <akuster808@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2018-03-04 11:12:12 +00:00
..
ruby ruby: update to 2.4.3 2018-03-04 11:12:12 +00:00
ruby_2.4.3.bb ruby: update to 2.4.3 2018-03-04 11:12:12 +00:00
ruby.inc ruby: update to 2.4.0 2018-01-14 22:10:54 +00:00