Path to this page:
Subject: CVS commit: pkgsrc/lang
From: Takahiro Kambe
Date: 2017-09-15 02:33:59
Message id: 20170915003359.22ADAFA98@cvs.NetBSD.org
Log Message:
Update ruby22-base and ruby22 packages to 2.2.8.
pkgsrc change: clean up PILST.
Ruby 2.2.8 Released Posted by usa on 14 Sep 2017
Ruby 2.2.8 has been released. This release includes several security
fixes. Please check the topics below for details.
* CVE-2017-0898: Buffer underrun vulnerability in Kernel.sprintf
* CVE-2017-10784: Escape sequence injection vulnerability in the Basic
authentication of WEBrick
* CVE-2017-14033: Buffer underrun vulnerability in OpenSSL ASN1 docode
* CVE-2017-14064: Heap exposure vulnerability in generating JSON
* Multiple vulnerabilities in RubyGems
* Updated bundled libyaml to version 0.1.7
Ruby 2.2 is now under the state of the security maintenance phase, until the
endo of the March of 2018. After the date, maintenance of Ruby 2.2 will be
ended. We recommend you start planning migration to newer versions of Ruby,
such as 2.4 or 2.3.
Files: