From: Peter Korsgaard <peter@korsgaard.com>
To: buildroot@busybox.net
Subject: [Buildroot] [PATCH] package/ruby: security bump to version 2.4.6
Date: Tue, 16 Apr 2019 23:33:40 +0200 [thread overview]
Message-ID: <20190416213340.14880-1-peter@korsgaard.com> (raw)
Fixes the following security issues:
- CVE-2019-8320: Delete directory using symlink when decompressing tar
- CVE-2019-8321: Escape sequence injection vulnerability in verbose
- CVE-2019-8322: Escape sequence injection vulnerability in gem owner
- CVE-2019-8323: Escape sequence injection vulnerability in API response handling
- CVE-2019-8324: Installing a malicious gem may lead to arbitrary code execution
- CVE-2019-8325: Escape sequence injection vulnerability in errors
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
---
package/ruby/ruby.hash | 4 ++--
package/ruby/ruby.mk | 2 +-
2 files changed, 3 insertions(+), 3 deletions(-)
diff --git a/package/ruby/ruby.hash b/package/ruby/ruby.hash
index b36d49461c..fa9eddc279 100644
--- a/package/ruby/ruby.hash
+++ b/package/ruby/ruby.hash
@@ -1,5 +1,5 @@
-# https://www.ruby-lang.org/en/news/2018/10/17/ruby-2-4-5-released/
-sha256 2f0cdcce9989f63ef7c2939bdb17b1ef244c4f384d85b8531d60e73d8cc31eeb ruby-2.4.5.tar.xz
+# https://www.ruby-lang.org/en/news/2019/04/01/ruby-2-4-6-released/
+sha256 25da31b9815bfa9bba9f9b793c055a40a35c43c6adfb1fdbd81a09099f9b529c ruby-2.4.6.tar.xz
# License files, Locally calculated
sha256 609292a6d848ab223073944fc2d844449391a5ba2055a8b5baf1726bc13b39cb LEGAL
sha256 f5eb1b2956d5f7a67b2e5722a3749bc2fe86f9c580f2e3f5a08519cf073b5864 COPYING
diff --git a/package/ruby/ruby.mk b/package/ruby/ruby.mk
index 3e71596bb4..10424020a9 100644
--- a/package/ruby/ruby.mk
+++ b/package/ruby/ruby.mk
@@ -5,7 +5,7 @@
################################################################################
RUBY_VERSION_MAJOR = 2.4
-RUBY_VERSION = $(RUBY_VERSION_MAJOR).5
+RUBY_VERSION = $(RUBY_VERSION_MAJOR).6
RUBY_VERSION_EXT = 2.4.0
RUBY_SITE = http://cache.ruby-lang.org/pub/ruby/$(RUBY_VERSION_MAJOR)
RUBY_SOURCE = ruby-$(RUBY_VERSION).tar.xz
--
2.11.0
next reply other threads:[~2019-04-16 21:33 UTC|newest]
Thread overview: 3+ messages / expand[flat|nested] mbox.gz Atom feed top
2019-04-16 21:33 Peter Korsgaard [this message]
2019-04-17 6:42 ` [Buildroot] [PATCH] package/ruby: security bump to version 2.4.6 Thomas Petazzoni
2019-04-24 20:30 ` Peter Korsgaard
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20190416213340.14880-1-peter@korsgaard.com \
--to=peter@korsgaard.com \
--cc=buildroot@busybox.net \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.