deepcrayon
/
buildroot
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
buildroot/package/ruby
History
Peter Korsgaard 46cfed78b1 ruby: security bump to version 2.4.4 
Fixes the following security issues:

CVE-2017-17405: Command injection vulnerability in Net::FTP (2.4.3):
https://www.ruby-lang.org/en/news/2017/12/14/net-ftp-command-injection-cve-2017-17405/

CVE-2017-17742: HTTP response splitting in WEBrick (2.4.4):
https://www.ruby-lang.org/en/news/2018/03/28/http-response-splitting-in-webrick-cve-2017-17742/

CVE-2018-6914: Unintentional file and directory creation with directory
traversal in tempfile and tmpdir (2.4.4):
https://www.ruby-lang.org/en/news/2018/03/28/unintentional-file-and-directory-creation-with-directory-traversal-cve-2018-6914/

CVE-2018-8777: DoS by large request in WEBrick (2.4.4):
https://www.ruby-lang.org/en/news/2018/03/28/large-request-dos-in-webrick-cve-2018-8777/

CVE-2018-8778: Buffer under-read in String#unpack (2.4.4):
https://www.ruby-lang.org/en/news/2018/03/28/buffer-under-read-unpack-cve-2018-8778/

CVE-2018-8779: Unintentional socket creation by poisoned NUL byte in
UNIXServer and UNIXSocket (2.4.4):
https://www.ruby-lang.org/en/news/2018/03/28/poisoned-nul-byte-unixsocket-cve-2018-8779/

CVE-2018-8780: Unintentional directory traversal by poisoned NUL byte in Dir
(2.4.4):
https://www.ruby-lang.org/en/news/2018/03/28/poisoned-nul-byte-dir-cve-2018-8780/

Multiple vulnerabilities in RubyGems (2.4.4):
https://www.ruby-lang.org/en/news/2018/02/17/multiple-vulnerabilities-in-rubygems/

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
 		2018-08-17 22:01:53 +02:00
..
Config.in
ruby.hash ruby: security bump to version 2.4.4 2018-08-17 22:01:53 +02:00
ruby.mk ruby: security bump to version 2.4.4 2018-08-17 22:01:53 +02:00