Path to this page:
Subject: CVS commit: pkgsrc/www/ruby-http
From: Takahiro Kambe
Date: 2015-03-28 05:32:15
Message id: 20150328043216.0BAF698@cvs.netbsd.org
Log Message:
Update ruby-http to 0.7.3, security fix.
## 0.7.3 (2015-03-24)
* SECURITY FIX: http.rb failed to call the #post_connection_check method
on SSL connections. This method implements hostname verification, and
without it http.rb was vulnerable to MitM attacks. The problem was
corrected by calling #post_connection_check (CVE-2015-1828)
Files: