From: Peter Korsgaard <peter@korsgaard.com>
To: buildroot@busybox.net
Subject: [Buildroot] [PATCH] package/ruby: security bump to version 2.4.6
Date: Tue, 16 Apr 2019 23:33:40 +0200 [thread overview]
Message-ID: <20190416213340.14880-1-peter@korsgaard.com> (raw)
Fixes the following security issues:
- CVE-2019-8320: Delete directory using symlink when decompressing tar
- CVE-2019-8321: Escape sequence injection vulnerability in verbose
- CVE-2019-8322: Escape sequence injection vulnerability in gem owner
- CVE-2019-8323: Escape sequence injection vulnerability in API response handling
- CVE-2019-8324: Installing a malicious gem may lead to arbitrary code execution
- CVE-2019-8325: Escape sequence injection vulnerability in errors
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
---
package/ruby/ruby.hash | 4 ++--
package/ruby/ruby.mk | 2 +-
2 files changed, 3 insertions(+), 3 deletions(-)
diff --git a/package/ruby/ruby.hash b/package/ruby/ruby.hash
index b36d49461c..fa9eddc279 100644
--- a/package/ruby/ruby.hash
+++ b/package/ruby/ruby.hash
@@ -1,5 +1,5 @@
-# https://www.ruby-lang.org/en/news/2018/10/17/ruby-2-4-5-released/
-sha256 2f0cdcce9989f63ef7c2939bdb17b1ef244c4f384d85b8531d60e73d8cc31eeb ruby-2.4.5.tar.xz
+# https://www.ruby-lang.org/en/news/2019/04/01/ruby-2-4-6-released/
+sha256 25da31b9815bfa9bba9f9b793c055a40a35c43c6adfb1fdbd81a09099f9b529c ruby-2.4.6.tar.xz
# License files, Locally calculated
sha256 609292a6d848ab223073944fc2d844449391a5ba2055a8b5baf1726bc13b39cb LEGAL
sha256 f5eb1b2956d5f7a67b2e5722a3749bc2fe86f9c580f2e3f5a08519cf073b5864 COPYING
diff --git a/package/ruby/ruby.mk b/package/ruby/ruby.mk
index 3e71596bb4..10424020a9 100644
--- a/package/ruby/ruby.mk
+++ b/package/ruby/ruby.mk
@@ -5,7 +5,7 @@
################################################################################
RUBY_VERSION_MAJOR = 2.4
-RUBY_VERSION = $(RUBY_VERSION_MAJOR).5
+RUBY_VERSION = $(RUBY_VERSION_MAJOR).6
RUBY_VERSION_EXT = 2.4.0
RUBY_SITE = http://cache.ruby-lang.org/pub/ruby/$(RUBY_VERSION_MAJOR)
RUBY_SOURCE = ruby-$(RUBY_VERSION).tar.xz
--
2.11.0
next reply other threads:[~2019-04-16 21:33 UTC|newest]
Thread overview: 3+ messages / expand[flat|nested] mbox.gz Atom feed top
2019-04-16 21:33 Peter Korsgaard [this message]
2019-04-17 6:42 ` [Buildroot] [PATCH] package/ruby: security bump to version 2.4.6 Thomas Petazzoni
2019-04-24 20:30 ` Peter Korsgaard
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20190416213340.14880-1-peter@korsgaard.com \
--to=peter@korsgaard.com \
--cc=buildroot@busybox.net \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox