Path to this page:
Next | Query returned 1 messages, browsing 1 to 10 | previous
CVS Commit History:
2019-08-10 14:12:55 by Benny Siegert | Files touched by this commit (3) | |
Log message:
Pullup ticket #6026 - requested by taca
textproc/ruby-yard: security fix
Revisions pulled up:
- textproc/ruby-yard/Makefile 1.11
- textproc/ruby-yard/PLIST 1.9
- textproc/ruby-yard/distinfo 1.9
---
Module Name: pkgsrc
Committed By: taca
Date: Mon Aug 5 09:55:00 UTC 2019
Modified Files:
pkgsrc/textproc/ruby-yard: Makefile PLIST distinfo
Log message:
textproc/ruby-yard: update to 0.9.20
Update ruby-yard to 0.9.20, fixing CVE-2019-14369.
# 0.9.20 - June 27th, 2019
[0.9.20]: https://github.com/lsegal/yard/compare/v0.9.19...v0.9.20
- Fix parsing of stringified Symbols in Ruby source (#1256).
- Fix path traversal vulnerability in `yard server`. This bug would allow
unsanitized HTTP requests to access arbitrary files on the machine of a
`yard server` host under certain conditions. Thanks to CuongMX from
Viettel Cyber Security for discovering this vulnerability.
# 0.9.19 - April 2nd, 2019
[0.9.19]: https://github.com/lsegal/yard/compare/v0.9.16...v0.9.19
- Fixed bug in browser back button (#1071, #1228)
- Fixed handling of ArgumentError in ExtraFileObject (#1198)
- Fixed double return tag displaying on boolean methods (#1226)
- Removed unused `Module#namespace_name` function (#1229)
- Fixed parsing order of README files. YARD will now prefer README over
README.md over README.x.md or README-x.md (and the like). READMEs will now
also be ordered by filename; the first README is still chosen unless
`--readme` is provided.
- Updated AsciiDoc markup support to use non-deprecated calls.
|
Next | Query returned 1 messages, browsing 1 to 10 | previous