Subject: CVS commit: pkgsrc
From: Takahiro Kambe
Date: 2021-02-11 15:30:08
Message id: 20210211143008.9ED4DFA95@cvs.NetBSD.org
Log Message:
www/ruby-rails60: update to 6.0.3.5

databases/ruby-activerecord60:

## Rails 6.0.3.5 (February 10, 2021) ##

*   Fix possible DoS vector in PostgreSQL money type

    Carefully crafted input can cause a DoS via the regular expressions used
    for validating the money format in the PostgreSQL adapter.  This patch
    fixes the regexp.

    Thanks to @dee-see from Hackerone for this patch!

    [CVE-2021-22880]

    *Aaron Patterson*

www/ruby-actionpack60

## Rails 6.0.3.5 (February 10, 2021) ##

*   Prevent open redirect when allowed host starts with a dot

    [CVE-2021-22881]

    Thanks to @tktech (https://hackerone.com/tktech) for reporting this
    issue and the patch!

    *Aaron Patterson*
Files:
RevisionActionfile
1.7modifypkgsrc/databases/ruby-activerecord60/distinfo
1.7modifypkgsrc/devel/ruby-activejob60/distinfo
1.7modifypkgsrc/devel/ruby-activemodel60/distinfo
1.7modifypkgsrc/devel/ruby-activestorage60/distinfo
1.7modifypkgsrc/devel/ruby-activesupport60/distinfo
1.7modifypkgsrc/devel/ruby-railties60/distinfo
1.93modifypkgsrc/lang/ruby/rails.mk
1.7modifypkgsrc/mail/ruby-actionmailbox60/distinfo
1.7modifypkgsrc/mail/ruby-actionmailer60/distinfo
1.7modifypkgsrc/textproc/ruby-actiontext60/distinfo
1.7modifypkgsrc/www/ruby-actioncable60/distinfo
1.7modifypkgsrc/www/ruby-actionpack60/distinfo
1.7modifypkgsrc/www/ruby-actionview60/distinfo
1.7modifypkgsrc/www/ruby-rails60/distinfo