* [Buildroot] [git commit branch/2021.02.x] package/ruby: security bump to version 2.7.5
@ 2022-01-15 11:34 Peter Korsgaard
  0 siblings, 0 replies; only message in thread
From: Peter Korsgaard @ 2022-01-15 11:34 UTC (permalink / raw)
  To: buildroot

commit: https://git.buildroot.net/buildroot/commit/?id=9087da9922f10513c604d73f8d5d6d86cea91768
branch: https://git.buildroot.net/buildroot/commit/?id=refs/heads/2021.02.x

Fixes the following security issues:

- CVE-2021-41817: Regular Expression Denial of Service Vulnerability of Date
  Parsing Methods
  https://www.ruby-lang.org/en/news/2021/11/15/date-parsing-method-regexp-dos-cve-2021-41817/

- CVE-2021-41816: Buffer Overrun in CGI.escape_html
  https://www.ruby-lang.org/en/news/2021/11/24/buffer-overrun-in-cgi-escape_html-cve-2021-41816/

- CVE-2021-41819: Cookie Prefix Spoofing in CGI::Cookie.parse
  https://www.ruby-lang.org/en/news/2021/11/24/cookie-prefix-spoofing-in-cgi-cookie-parse-cve-2021-41819/

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
---
 package/ruby/ruby.hash | 4 ++--
 package/ruby/ruby.mk   | 2 +-
 2 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/package/ruby/ruby.hash b/package/ruby/ruby.hash
index cba48418e7..408bd04e43 100644
--- a/package/ruby/ruby.hash
+++ b/package/ruby/ruby.hash
@@ -1,5 +1,5 @@
-# https://www.ruby-lang.org/en/news/2021/07/07/ruby-2-7-4-released/
-sha256  2a80824e0ad6100826b69b9890bf55cfc4cf2b61a1e1330fccbcb30c46cef8d7  ruby-2.7.4.tar.xz
+# https://www.ruby-lang.org/en/news/2021/11/24/ruby-2-7-5-released/
+sha256  d216d95190eaacf3bf165303747b02ff13f10b6cfab67a9031b502a49512b516  ruby-2.7.5.tar.xz
 # License files, Locally calculated
 sha256  b09ca195d2de08f0aacfa8793d0af62d7681c304b3ef714b75813721823295a6  LEGAL
 sha256  967586d538a28955ec2541910cf63c5ac345fcdea94bfb1f1705a1f6eb36bcbb  COPYING
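Review bot: the new sha256 line for ruby-2.7.5.tar.xz is documented only by the announcement URL in the comment above it, while the license hashes below it carry an explicit "Locally calculated" label. Say in that comment whether the tarball hash was copied from the release announcement or also recomputed on the downloaded file, for example "# From https://www.ruby-lang.org/en/news/2021/11/24/ruby-2-7-5-released/", so a later reviewer can tell which source to check it against. The LEGAL and COPYING hashes stay as unchanged context, which is consistent with the license files not having changed between the two tarballs.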
diff --git a/package/ruby/ruby.mk b/package/ruby/ruby.mk
index 24449eac71..d7648efdc6 100644
--- a/package/ruby/ruby.mk
+++ b/package/ruby/ruby.mk
@@ -5,7 +5,7 @@
 ################################################################################
 
 RUBY_VERSION_MAJOR = 2.7
-RUBY_VERSION = $(RUBY_VERSION_MAJOR).4
+RUBY_VERSION = $(RUBY_VERSION_MAJOR).5
 RUBY_VERSION_EXT = 2.7.0
 RUBY_SITE = http://cache.ruby-lang.org/pub/ruby/$(RUBY_VERSION_MAJOR)
 RUBY_SOURCE = ruby-$(RUBY_VERSION).tar.xz
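Review bot: RUBY_SITE, in the unchanged context just below the bumped RUBY_VERSION line, still fetches over plain http://, so for this security bump the sha256 entry in ruby.hash is the only thing that authenticates the 2.7.5 tarball. Consider a follow-up that moves RUBY_SITE to https:// so the download is also protected in transit. RUBY_VERSION_EXT is left at 2.7.0 while RUBY_VERSION moves to $(RUBY_VERSION_MAJOR).5; a short note in the commit message confirming that this is intended for a patch-level bump would help.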
_______________________________________________
buildroot mailing list
buildroot@buildroot.org
https://lists.buildroot.org/mailman/listinfo/buildroot
