Subject: CVS commit: [pkgsrc-2021Q1] pkgsrc/lang
From: Benny Siegert
Date: 2021-04-15 09:04:00
Message id: 20210415070401.02520FA95@cvs.NetBSD.org

Log Message:
Pullup ticket #6442 - requested by taca
lang/ruby25-base: security fix

(via patch)

--
  Ruby 2.5.9 has been released.

  This release includes security fixes.  Please check the topics below
  for details.

  * CVE-2020-25613: Potential HTTP Request Smuggling Vulnerability in
    WEBrick
  * CVE-2021-28965: XML round-trip vulnerability in REXML

  See the commit logs for details.

  After this release, Ruby 2.5 reaches EOL.  In other words, this is the
  last release of Ruby 2.5 series.  We will not release Ruby 2.5.10 even
  if a security vulnerability is found.  We recommend all Ruby 2.5 users
  to upgrade to Ruby 3.0, 2.7 or 2.6 immediately.
--

Files:
RevisionActionfile
1.225.2.1modifypkgsrc/lang/ruby/rubyversion.mk
1.18.2.1modifypkgsrc/lang/ruby25-base/Makefile
1.4.8.1modifypkgsrc/lang/ruby25-base/PLIST
1.14.4.1modifypkgsrc/lang/ruby25-base/distinfo