[packages/ruby] up to 2.4.5; CVE-2018-16396, CVE-2018-16395
glen
glen at pld-linux.org
Sun Nov 4 22:05:11 CET 2018
commit 4fcae2800c1a641454dcc6bb56c0588b774e55ca
Author: Elan Ruusamäe <glen at pld-linux.org>
Date: Sun Nov 4 23:03:52 2018 +0200
up to 2.4.5; CVE-2018-16396, CVE-2018-16395
https://www.ruby-lang.org/en/news/2018/10/17/ruby-2-4-5-released/
- CVE-2018-16396: Tainted flags are not propagated in Array#pack and String#unpack with some directives
- CVE-2018-16395: OpenSSL::X509::Name equality check does not work correctly
ruby.spec | 6 +++---
1 file changed, 3 insertions(+), 3 deletions(-)
---
diff --git a/ruby.spec b/ruby.spec
index afe22b1..575ad8f 100644
--- a/ruby.spec
+++ b/ruby.spec
@@ -10,9 +10,9 @@
%bcond_with bootstrap # build bootstrap version
%bcond_with tests # build without tests
-%define rel 12
+%define rel 1
%define ruby_version 2.4
-%define patchlevel 4
+%define patchlevel 5
%define pkg_version %{ruby_version}.%{patchlevel}
%define ruby_suffix %{!?with_default_ruby:%{ruby_version}}
%define doc_version 2_4_3
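Review bot: `%define doc_version 2_4_3` in the trailing context stays unchanged while `patchlevel` moves to 5, so the stdlib and core rdoc tarballs that Source2/Source3 derive from `doc_version` will still be the 2.4.3 docs packaged alongside a 2.4.5 interpreter. If that lag is intentional (for example, no newer doc tarballs are published), a one-line comment next to `doc_version` would save the next bump from guessing; otherwise bump it together with the matching Source2-md5 and Source3-md5 values.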
@@ -34,7 +34,7 @@ License: (Ruby or BSD) and Public Domain and MIT and CC0 and zlib and UCD
Group: Development/Languages
# https://www.ruby-lang.org/en/downloads/
Source0: https://cache.ruby-lang.org/pub/ruby/%{ruby_version}/%{oname}-%{pkg_version}.tar.xz
-# Source0-md5: 4f30cefb7d50c6fa4d801f47ed9d82ca
+# Source0-md5: 47dec91cf6809785ed02b371c2c5a282
Source2: http://www.ruby-doc.org/downloads/%{oname}_%{doc_version}_stdlib_rdocs.tgz
# Source2-md5: d21fb29009644bd174dbba0dad53f1f5
Source3: http://www.ruby-doc.org/downloads/%{oname}_%{doc_version}_core_rdocs.tgz
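Review bot: the only integrity pin updated for the new tarball is `# Source0-md5:`, and MD5 is not collision resistant, which is a thin check for a bump whose purpose is two CVE fixes. Suggest verifying the 2.4.5 tarball against a stronger digest from upstream before recording the MD5, and saying so in the commit message. Separately, Source2 and Source3 in the context lines are fetched over plain `http://`, so their MD5 lines are the only protection against tampering in transit; switch them to https if the host serves it.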
================================================================
---- gitweb:
http://git.pld-linux.org/gitweb.cgi/packages/ruby.git/commitdiff/4fcae2800c1a641454dcc6bb56c0588b774e55ca