kumquat-buildroot/package/ruby/ruby.hash

7 lines
433 B
Plaintext
Raw Normal View History

package/ruby: security bump to version 2.4.9 Fixes the following security vulnerability: (Bundled jquery) - CVE-2012-6708: jQuery before 1.9.0 is vulnerable to Cross-site Scripting (XSS) attacks. The jQuery(strInput) function does not differentiate selectors from HTML in a reliable fashion. In vulnerable versions, jQuery determined whether the input was HTML by looking for the '<' character anywhere in the string, giving attackers more flexibility when attempting to construct a malicious payload. In fixed versions, jQuery only deems the input to be HTML if it explicitly starts with the '<' character, limiting exploitability only to attackers who can control the beginning of a string, which is far less common. - CVE-2015-9251: jQuery before 3.0.0 is vulnerable to Cross-site Scripting (XSS) attacks when a cross-domain Ajax request is performed without the dataType option, causing text/javascript responses to be executed. https://www.ruby-lang.org/en/news/2019/08/28/multiple-jquery-vulnerabilities-in-rdoc/ - CVE-2019-16255: A code injection vulnerability of Shell#[] and Shell#test https://www.ruby-lang.org/en/news/2019/10/01/code-injection-shell-test-cve-2019-16255/ - CVE-2019-16254: HTTP response splitting in WEBrick (Additional fix) https://www.ruby-lang.org/en/news/2019/10/01/http-response-splitting-in-webrick-cve-2019-16254/ - CVE-2019-15845: A NUL injection vulnerability of File.fnmatch and File.fnmatch? https://www.ruby-lang.org/en/news/2019/10/01/nul-injection-file-fnmatch-cve-2019-15845/ - CVE-2019-16201: Regular Expression Denial of Service vulnerability of WEBrick's Digest access authentication https://www.ruby-lang.org/en/news/2019/10/01/webrick-regexp-digestauth-dos-cve-2019-16201/ 2.4.9 fixes a packaging bug in 2.4.8: https://www.ruby-lang.org/en/news/2019/10/02/ruby-2-4-9-released/ Signed-off-by: Peter Korsgaard <peter@korsgaard.com> Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
2019-10-05 09:27:27 +02:00
# https://www.ruby-lang.org/en/news/2019/10/02/ruby-2-4-9-released/
sha256 0c4e000253ef7187feeb940a01a1c7594f28d63aa16f978e892a0e2864f58614 ruby-2.4.9.tar.xz
# License files, Locally calculated
sha256 609292a6d848ab223073944fc2d844449391a5ba2055a8b5baf1726bc13b39cb LEGAL
sha256 f5eb1b2956d5f7a67b2e5722a3749bc2fe86f9c580f2e3f5a08519cf073b5864 COPYING
sha256 a5e3042dacb53eebda91f3b1caefbfec8307711df8c4ed1ed20e4e97c43307a4 BSDL