Subject: CVS commit: pkgsrc
From: Takahiro Kambe
Date: 2021-05-08 16:02:34
Message id: 20210508140235.25401FA95@cvs.NetBSD.org

Log Message:
www/ruby-rails60: update to 6.0.3.7

Real changes are in www/ruby-actionpack60 only.

## Rails 6.0.3.7 (May 05, 2021) ##

*   Prevent catastrophic backtracking during mime parsing
    CVE-2021-22902

*   Prevent regex DoS in HTTP token authentication
    CVE-2021-22904

*   Prevent string polymorphic route arguments.

    `url_for` supports building polymorphic URLs via an array
    of arguments (usually symbols and records). If a developer passes a
    user input array, strings can result in unwanted route helper calls.

    CVE-2021-22885

    *Gannon McGibbon*

Files:
RevisionActionfile
1.9modifypkgsrc/www/ruby-rails60/distinfo
1.9modifypkgsrc/www/ruby-actionview60/distinfo
1.9modifypkgsrc/www/ruby-actionpack60/distinfo
1.9modifypkgsrc/www/ruby-actioncable60/distinfo
1.9modifypkgsrc/textproc/ruby-actiontext60/distinfo
1.9modifypkgsrc/mail/ruby-actionmailer60/distinfo
1.9modifypkgsrc/mail/ruby-actionmailbox60/distinfo
1.99modifypkgsrc/lang/ruby/rails.mk
1.9modifypkgsrc/devel/ruby-railties60/distinfo
1.9modifypkgsrc/devel/ruby-activesupport60/distinfo
1.9modifypkgsrc/devel/ruby-activestorage60/distinfo
1.9modifypkgsrc/devel/ruby-activemodel60/distinfo
1.9modifypkgsrc/devel/ruby-activejob60/distinfo
1.9modifypkgsrc/databases/ruby-activerecord60/distinfo