2024-04-25 17:12:05 by Takahiro Kambe | Files touched by this commit (7) | |
Log message:
lang/ruby33: update to 3.3.1
This is a security release. Note CVE-2024-27280 and CVE-2024-27281 were
already fixed by ruby31-base-3.3.0nb1.
3.3.1 (2024-04-23)
* CVE-2024-27282: Arbitrary memory address read vulnerability with Regex
search
* CVE-2024-27281: RCE vulnerability with .rdoc_options in RDoc
|
2024-04-25 17:06:11 by Takahiro Kambe | Files touched by this commit (5) | |
Log message:
lang/ruby32-base: update to 3.2.4
This is a security release. Note CVE-2024-27280 and CVE-2024-27281 were
already fixed by ruby31-base-3.2.3nb3.
3.2.4 (2024-04-23)
* CVE-2024-27282: Arbitrary memory address read vulnerability with Regex
search
* CVE-2024-27281: RCE vulnerability with .rdoc_options in RDoc
* CVE-2024-27280: Buffer overread vulnerability in StringIO
|
2024-04-25 16:51:54 by Takahiro Kambe | Files touched by this commit (10) | |
Log message:
lang/ruby31-base: update to 3.1.5
This is a security release. Note CVE-2024-27280 and CVE-2024-27281 were
already fixed by ruby31-base-3.1.4nb3.
3.1.5 (2024-04-23)
Security release.
* CVE-2024-27282: Arbitrary memory address read vulnerability with Regex
search
* CVE-2024-27281: RCE vulnerability with .rdoc_options in RDoc
* CVE-2024-27280: Buffer overread vulnerability in StringIO
|
2024-03-23 16:15:52 by Takahiro Kambe | Files touched by this commit (5) |
Log message:
lang/ruby33: fix CVE-2024-27281
Update rdoc to 6.6.3.1 to fix CVE-2024-27281.
Bump PKGREVISION.
|
2024-03-23 15:47:13 by Takahiro Kambe | Files touched by this commit (5) |
Log message:
lang/ruby32-base: fix CVE-2024-27281
Update rdoc to 6.5.1.1 to fix CVE-2024-27281.
Bump PKGREVISION.
|
2024-03-23 15:28:48 by Takahiro Kambe | Files touched by this commit (7) |
Log message:
lang/ruby31-base: fix CVE-2024-27280 and CVE-2024-27281
Update rdoc to 6.4.1.1 to fix CVE-2024-27281.
Update stringio to 3.0.1.2 to fix CVE-2024-27280.
Bump PKGREVISION.
|
2024-02-24 15:55:27 by Takahiro Kambe | Files touched by this commit (15) | |
Log message:
www/ruby-rails71: update to 7.1.3.2
Update Ruby on Rails 7.1 and related packages to 7.1.3.2
This includes security fixes:
CVE-2024-26142 for www/ruby-actionpack71
CVE-2024-26143 for www/ruby-actionpack71
Action Pack
* Fix possible XSS vulnerability with the translate method in controllers
CVE-2024-26143
* Fix ReDoS in Accept header parsing
CVE-2024-26142
|
2024-02-24 15:49:29 by Takahiro Kambe | Files touched by this commit (16) | |
Log message:
www/ruby-rails70: update to 7.0.8.1
Update Ruby on Rails 7.0 and related packages to 7.0.8.1
This includes security fixes:
CVE-2024-26144 for devel/ruby-activestorage70
CVE-2024-26146 for www/ruby-actionpack70
Action Pack
* Fix possible XSS vulnerability with the translate method in controllers
CVE-2024-26143
Active Storage
* Disables the session in ActiveStorage::Blobs::ProxyController and
ActiveStorage::Representations::ProxyController in order to allow caching
by default in some CDNs as CloudFlare
Fixes #44136
Bruno Prieto
|
2024-02-24 15:42:41 by Takahiro Kambe | Files touched by this commit (17) | |
Log message:
www/rails61: update to 6.1.7.7
Update rails61 and related packages to 6.1.7.7
This includes a security fix for CVE-2024-26144, devel/ruby-activestorage61.
Active Storage
* Disables the session in ActiveStorage::Blobs::ProxyController and
ActiveStorage::Representations::ProxyController in order to allow caching
by default in some CDNs as CloudFlare
Fixes #44136
Bruno Prieto
|
2024-02-10 15:41:47 by Takahiro Kambe | Files touched by this commit (1) |
Log message:
lang/ruby: switch default version to Ruby 3.2
Add missing Ruby 3.3 related value in comments, too.
|