Path to this page:
Subject: CVS commit: pkgsrc/lang/ruby24-base
From: Takahiro Kambe
Date: 2019-03-12 05:23:45
Message id: 20190312042345.78674FB16@cvs.NetBSD.org
Log Message:
lang/ruby24-base: Add security patch for rubygems
Add security patch for rubygems, fixing these problem.
* CVE-2019-8320: Delete directory using symlink when decompressing tar
* CVE-2019-8321: Escape sequence injection vulnerability in verbose
* CVE-2019-8322: Escape sequence injection vulnerability in gem owner
* CVE-2019-8323: Escape sequence injection vulnerability in API response handlin
g
* CVE-2019-8324: Installing a malicious gem may lead to arbitrary code execution
* CVE-2019-8325: Escape sequence injection vulnerability in errors
https://www.ruby-lang.org/en/news/2019/03/05/multiple-vulnerabilities-in-rubygems/
Since original patch included in official announce dose not cleanly applied to
Ruby 2.4.5, use a local version which drop patch to none existing test.
Bump PKGREVISION.
Files: