Subject: CVS commit: pkgsrc/misc/rubygems
From: Takahiro Kambe
Date: 2013-09-30 05:12:59
Message id: 20130930031259.7D95296@cvs.netbsd.org
Log Message:
Update rubygems package to 2.0.10.  This is security fix for CVE-2013-4363.

=== 2.0.10 / 2013-09-24

Security fixes:

* RubyGems 2.1.4 and earlier are vulnerable to excessive CPU usage due to a
  backtracking in Gem::Version validation.  See CVE-2013-4363 for full details
  including vulnerable APIs.  Fixed versions include 2.1.5, 2.0.10, 1.8.27 and
  1.8.23.2 (for Ruby 1.9.3).

=== 2.0.9 / 2013-09-13

Bug fixes:

* Gem fetch now fetches the newest (not oldest) gem when --version is given.
  Issue #643 by Brian Shirai.
* Fixed credential creation for `gem push` when `--host` is not given.  Pull
  request #622 by Arthur Nogueira Neves
Files:
RevisionActionfile
1.55modifypkgsrc/misc/rubygems/Makefile
1.44modifypkgsrc/misc/rubygems/distinfo