kumquat-buildroot/package/ruby/ruby.hash
Peter Korsgaard c0ce796f57 package/ruby: security bump to version 2.4.6
Fixes the following security issues:

- CVE-2019-8320: Delete directory using symlink when decompressing tar
- CVE-2019-8321: Escape sequence injection vulnerability in verbose
- CVE-2019-8322: Escape sequence injection vulnerability in gem owner
- CVE-2019-8323: Escape sequence injection vulnerability in API response handling
- CVE-2019-8324: Installing a malicious gem may lead to arbitrary code execution
- CVE-2019-8325: Escape sequence injection vulnerability in errors

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 9009823137)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2019-04-24 22:30:18 +02:00

7 lines
433 B
Plaintext

# https://www.ruby-lang.org/en/news/2019/04/01/ruby-2-4-6-released/
sha256 25da31b9815bfa9bba9f9b793c055a40a35c43c6adfb1fdbd81a09099f9b529c ruby-2.4.6.tar.xz
# License files, Locally calculated
sha256 609292a6d848ab223073944fc2d844449391a5ba2055a8b5baf1726bc13b39cb LEGAL
sha256 f5eb1b2956d5f7a67b2e5722a3749bc2fe86f9c580f2e3f5a08519cf073b5864 COPYING
sha256 a5e3042dacb53eebda91f3b1caefbfec8307711df8c4ed1ed20e4e97c43307a4 BSDL