Path to this page:
Next | Query returned 3 messages, browsing 1 to 10 | previous
CVS Commit History:
2021-11-27 23:11:20 by Thomas Merkel | Files touched by this commit (4) | |
Log message:
Pullup ticket #6547 - requested by taca
lang/ruby30-base: security fix
Revisions pulled up:
- lang/ruby/rubyversion.mk 1.240
- lang/ruby30-base/PLIST 1.4
- lang/ruby30-base/distinfo 1.7
- lang/ruby30-base/patches/patch-lib_rubygems_installer.rb 1.2
---
Module Name: pkgsrc
Committed By: taca
Date: Thu Nov 25 16:35:52 UTC 2021
Modified Files:
pkgsrc/lang/ruby: rubyversion.mk
pkgsrc/lang/ruby30-base: PLIST distinfo
pkgsrc/lang/ruby30-base/patches: patch-lib_rubygems_installer.rb
Log message:
lang/ruby30-base: update to 3.0.3
Ruby 3.0.3 Released
Posted by nagachika on 24 Nov 2021
Ruby 3.0.3 has been released.
This release includes security fixes. Please check the topics below for
details.
* CVE-2021-41817: Regular Expression Denial of Service Vulnerability of Date
Parsing Methods
* CVE-2021-41816: Buffer Overrun in CGI.escape_html
* CVE-2021-41819: Cookie Prefix Spoofing in CGI::Cookie.parse
See the commit logs for details.
|
2021-11-27 23:02:59 by Thomas Merkel | Files touched by this commit (3) | |
Log message:
Pullup ticket #6546 - requested by taca
lang/ruby27-base: security fix
Revisions pulled up:
- lang/ruby/rubyversion.mk 1.239
- lang/ruby27-base/PLIST 1.5
- lang/ruby27-base/distinfo 1.9
---
Module Name: pkgsrc
Committed By: taca
Date: Thu Nov 25 16:01:18 UTC 2021
Modified Files:
pkgsrc/lang/ruby: rubyversion.mk
pkgsrc/lang/ruby27-base: PLIST distinfo
Log message:
lang/ruby27-base: update to 2.7.5
Ruby 2.7.5 Released
Posted by usa on 24 Nov 2021
Ruby 2.7.5 has been released.
This release includes security fixes. Please check the topics below for
details.
* CVE-2021-41817: Regular Expression Denial of Service Vulnerability of Date
Parsing Methods
* CVE-2021-41816: Buffer Overrun in CGI.escape_html
* CVE-2021-41819: Cookie Prefix Spoofing in CGI::Cookie.parse
See the commit logs for details.
|
2021-11-27 22:53:13 by Thomas Merkel | Files touched by this commit (2) | |
Log message:
Pullup ticket #6545 - requested by taca
lang/ruby26-base: security fix
Revisions pulled up:
- lang/ruby/rubyversion.mk 1.238
- lang/ruby26-base/distinfo 1.15
---
Module Name: pkgsrc
Committed By: taca
Date: Thu Nov 25 15:51:08 UTC 2021
Modified Files:
pkgsrc/lang/ruby: rubyversion.mk
pkgsrc/lang/ruby26-base: distinfo
Log message:
lang/ruby26-base: update to 2.6.9
Ruby 2.6.9 Released
Posted by usa on 24 Nov 2021
Ruby 2.6.9 has been released.
This release includes security fixes. Please check the topics below for
details.
* CVE-2021-41817: Regular Expression Denial of Service Vulnerability of Date
Parsing Methods
* CVE-2021-41819: Cookie Prefix Spoofing in CGI::Cookie.parse See the commit
logs for details.
Ruby 2.6 is now under the state of the security maintenance phase, until the
end of March of 2022. After that date, maintenance of Ruby 2.6 will be
ended. We recommend you start planning the migration to newer versions of
Ruby, such as 3.0 or 2.7.
|
Next | Query returned 3 messages, browsing 1 to 10 | previous