Commit 0bba1702 authored by Natanael Copa

main/ruby: security upgrade to 2.4.4

CVE-2017-17742: HTTP response splitting in WEBrick

CVE-2018-6914: Unintentional file and directory creation with directory
               traversal in tempfile and tmpdir

CVE-2018-8777: DoS by large request in WEBrick

CVE-2018-8778: Buffer under-read in String#unpack

CVE-2018-8779: Unintentional socket creation by poisoned NUL byte in
               UNIXServer and UNIXSocket

CVE-2018-8780: Unintentional directory traversal by poisoned NUL byte in
               Dir

fixes #8747
parent 4808cbda
......@@ -3,6 +3,13 @@
# Maintainer: Natanael Copa <ncopa@alpinelinux.org>
#
# secfixes:
# 2.4.4-r0:
# - CVE-2017-17742
# - CVE-2018-6914
# - CVE-2018-8777
# - CVE-2018-8778
# - CVE-2018-8779
# - CVE-2018-8780
# 2.4.2-r0:
# - CVE-2017-0898
# - CVE-2017-10784
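Review bot: the new secfixes key `2.4.4-r0` has to match the pkgver and pkgrel of the build that actually ships these fixes. In this commit pkgver becomes 2.4.4 and pkgrel stays 0, so the key is correct as written, but it needs updating if pkgrel is bumped before this lands. The six ids listed under it match the six CVEs named in the commit message.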
......@@ -16,7 +23,7 @@
# - CVE-2017-17405
#
pkgname=ruby
pkgver=2.4.3
pkgver=2.4.4
_abiver="${pkgver%.*}.0"
pkgrel=0
pkgdesc="An object-oriented language for quick and easy programming"
......@@ -243,5 +250,5 @@ _mvgem() {
done
}
sha512sums="fb4339e30c04d03b1422b6c32ede45902e072cd26325b36f3fc05c341d42eea6431d88718242dcc9ce24d9cad26f3d26772f2e806bd7d93f40be50268c318409 ruby-2.4.3.tar.bz2
sha512sums="ae632852a5f413561d8134e9ef3bb82adb37317696dd293ef92cb76709ecd45718f14116ecce35b12f1c2dd53ccae8dabc7a924a270072b697512d11f4922347 ruby-2.4.4.tar.bz2
cfdc5ea3b2e2ea69c51f38e8e2180cb1dc27008ca55cc6301f142ebafdbab31c3379b3b6bba9ff543153876dd98ed2ad194df3255b7ea77a62e931c935f80538 rubygems-avoid-platform-specific-gems.patch"
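Review bot: the replaced `sha512sums` entry for ruby-2.4.4.tar.bz2 is the only integrity check on the new tarball, and the diff cannot show where the digest came from. Confirm it against the SHA512 published in the upstream release announcement rather than one computed from the downloaded file. The checksum for rubygems-avoid-platform-specific-gems.patch is unchanged, so also confirm that the patch still applies cleanly to the 2.4.4 sources.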