Peter Korsgaard
646ae5a0b1
ruby: security bump to version 2.4.5
Fixes the following security issues:
- CVE-2018-16396: Tainted flags are not propagated in Array#pack and
String#unpack with some directives
https://www.ruby-lang.org/en/news/2018/10/17/not-propagated-taint-flag-in-some-formats-of-pack-cve-2018-16396/
- CVE-2018-16395: OpenSSL::X509::Name equality check does not work correctly
https://www.ruby-lang.org/en/news/2018/10/17/openssl-x509-name-equality-check-does-not-work-correctly-cve-2018-16395/
Update hash of LEGAL as it had a few (wayback machine) URLs added/changed.
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2018-10-30 21:05:19 +01:00
Peter Korsgaard
46cfed78b1
ruby: security bump to version 2.4.4
Fixes the following security issues:
CVE-2017-17405: Command injection vulnerability in Net::FTP (2.4.3):
https://www.ruby-lang.org/en/news/2017/12/14/net-ftp-command-injection-cve-2017-17405/
CVE-2017-17742: HTTP response splitting in WEBrick (2.4.4):
https://www.ruby-lang.org/en/news/2018/03/28/http-response-splitting-in-webrick-cve-2017-17742/
CVE-2018-6914: Unintentional file and directory creation with directory
traversal in tempfile and tmpdir (2.4.4):
https://www.ruby-lang.org/en/news/2018/03/28/unintentional-file-and-directory-creation-with-directory-traversal-cve-2018-6914/
CVE-2018-8777: DoS by large request in WEBrick (2.4.4):
https://www.ruby-lang.org/en/news/2018/03/28/large-request-dos-in-webrick-cve-2018-8777/
CVE-2018-8778: Buffer under-read in String#unpack (2.4.4):
https://www.ruby-lang.org/en/news/2018/03/28/buffer-under-read-unpack-cve-2018-8778/
CVE-2018-8779: Unintentional socket creation by poisoned NUL byte in
UNIXServer and UNIXSocket (2.4.4):
https://www.ruby-lang.org/en/news/2018/03/28/poisoned-nul-byte-unixsocket-cve-2018-8779/
CVE-2018-8780: Unintentional directory traversal by poisoned NUL byte in Dir
(2.4.4):
https://www.ruby-lang.org/en/news/2018/03/28/poisoned-nul-byte-dir-cve-2018-8780/
Multiple vulnerabilities in RubyGems (2.4.4):
https://www.ruby-lang.org/en/news/2018/02/17/multiple-vulnerabilities-in-rubygems/
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2018-08-17 22:01:53 +02:00
Peter Korsgaard
f2c3530541
ruby: security bump to version 2.4.2
Fixed the following security issues:
CVE-2017-0898: Buffer underrun vulnerability in Kernel.sprintf
CVE-2017-10784: Escape sequence injection vulnerability in the Basic
authentication of WEBrick
CVE-2017-14033: Buffer underrun vulnerability in OpenSSL ASN1 decode
CVE-2017-14064: Heap exposure in generating JSON
For more details, see the release notes:
https://www.ruby-lang.org/en/news/2017/09/14/ruby-2-4-2-released/
Drop now upstreamed rubygems patches and add hashes for the license files
while we're at it.
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-11-12 17:52:28 +01:00
Vicente Olivert Riera
81de172d11
ruby: bump version to 2.4.1
Signed-off-by: Vicente Olivert Riera <Vincent.Riera@imgtec.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
2017-03-22 23:12:29 +01:00
Vicente Olivert Riera
ca06126066
ruby: bump version to 2.4.0
The problem addressed by the 0001 patch has been fixed upstream and that
fix is included in this release:
aa107497cd
Signed-off-by: Vicente Olivert Riera <Vincent.Riera@imgtec.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-01-13 16:19:02 +01:00
Vicente Olivert Riera
0085734dc9
ruby: bump version to 2.3.3
Signed-off-by: Vicente Olivert Riera <Vincent.Riera@imgtec.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
2016-11-21 21:14:36 +01:00
Vicente Olivert Riera
cbe981184c
ruby: bump version to 2.3.2
Signed-off-by: Vicente Olivert Riera <Vincent.Riera@imgtec.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
2016-11-15 22:48:46 +01:00
Gustavo Zacarias
22001b2632
ruby: bump to version 2.3.1
Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
2016-04-27 22:15:30 +02:00
Gustavo Zacarias
7f61488649
ruby: bump to version 2.3.0
Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2016-01-08 20:28:50 +01:00
Gustavo Zacarias
3ce39dd048
ruby: security bump to version 2.2.4
Fixes:
CVE-2015-7551 - Unsafe tainted string usage in Fiddle and DL
Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
2015-12-17 12:56:25 +01:00
Gustavo Zacarias
ed5c939dfb
ruby: bump to version 2.2.3
Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2015-09-01 13:11:57 +02:00
Gustavo Zacarias
2c06a807cc
ruby: security bump to version 2.2.2
Fixes:
CVE-2015-1855 - OpenSSL extension’s hostname verification vulnerability.
Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
2015-04-14 10:06:35 +02:00
Gustavo Zacarias
ada937a94b
ruby: bump to version 2.2.1
Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2015-03-03 21:55:45 +01:00
Gustavo Zacarias
98c1930e74
ruby: security bump to version 2.1.5
Fixes:
CVE-2014-8090 - Another Denial Of Service XML Expansion.
Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2014-11-13 22:39:18 +01:00
Gustavo Zacarias
8ba2a5c737
ruby: security bump to version 2.1.4
Fixes:
CVE-2014-8080 - Denial of service XML expansion
And change default ext/openssl settings WRT CVE-2014-3566.
Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
2014-10-27 22:46:48 +01:00
Gustavo Zacarias
e651b2e532
ruby: bump to version 2.1.3
Also add hash file.
Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
2014-10-02 12:06:46 +02:00