path: root/meta/recipes-devtools/ruby/ruby/CVE-2017-14064.patch
Age | Commit message | Author
2018-02-22 | ruby: update to 2.4.3 | Armin Kuster

This fixes a segfault in arm64 multilib.

Drop CVE-2017-14064.patch

Additional CVE included are 2.4.3:
CVE-2017-17405: Command injection vulnerability in Net::FTP

Additional CVE included are 2.4.2:
CVE-2017-0898: Buffer underrun vulnerability in Kernel.sprintf
CVE-2017-10784: Escape sequence injection vulnerability in the Basic authentication of WEBrick
CVE-2017-14033: Buffer underrun vulnerability in OpenSSL ASN1 decode
CVE-2017-14064: Heap exposure in generating JSON

Ruby Gems:
DNS request hijacking vulnerability. (CVE-2017-0902)
ANSI escape sequence vulnerability. (CVE-2017-0899)
DoS vulnerability in the query command. (CVE-2017-0900)
vulnerability in the gem installer that allowed a malicious gem to overwrite arbitrary files. (CVE-2017-0901)

Signed-off-by: Armin Kuster <akuster808@gmail.com>
(cherry picked from commit 4ba60ef149da41b1adc48f7a6c0aa1a14905a4e3)
Signed-off-by: Armin Kuster <akuster808@gmail.com>
2018-02-22 | ruby: update to 2.4.0 | Alexander Kanavin

Existing version of ruby-native (2.2.5) was crashing on my machine (and others' too), yet a functional ruby is necessary to upgrade webkit to a version that is less vulnerable to Spectre.

I've performed the update by copying the ruby recipe directory over from the current pyro tree; if you want to see the list of specific commits, issue this command:

git log 99656fecf4fa6e24ba49ecb7f26f893e733818a0 meta/recipes-devtools/ruby

(up to commit e593d3aeb2ea5f08d6e0753133fe89e345b339e8)

Signed-off-by: Alexander Kanavin <alexander.kanavin@linux.intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 4734a4b41898e3df252b6234ed1270a915fd1f68)
Signed-off-by: Armin Kuster <akuster808@gmail.com>
2018-02-22 | ruby: Security fix for CVE-2017-14064 | Rajkumar Veer

Ruby through 2.2.7, 2.3.x through 2.3.4, and 2.4.x through 2.4.1

Signed-off-by: Rajkumar Veer <rveer@mvista.com>
Signed-off-by: Armin Kuster <akuster@mvista.com>
(cherry picked from commit 8d53b03e8fa1bc20c0d77d6cd7869bd7f7325987)
Signed-off-by: Armin Kuster <akuster808@gmail.com>