diff options
| author | Peter Korsgaard <peter@korsgaard.com> | 2017-11-12 14:43:11 +0100 |
|---|---|---|
| committer | Peter Korsgaard <peter@korsgaard.com> | 2017-11-12 17:52:28 +0100 |
| commit | f2c353054111b0398399ba1933a47d34441c875e (patch) | |
| tree | f31687b70464063b8bfd82bed292011418b7d85e /package/ruby/ruby.hash | |
| parent | 3c8dc542936484cf94efd06d96161c8a04fb17a5 (diff) | |
| download | buildroot-f2c353054111b0398399ba1933a47d34441c875e.tar.gz buildroot-f2c353054111b0398399ba1933a47d34441c875e.zip | |
ruby: security bump to version 2.4.2
Fixed the following security issues:
CVE-2017-0898: Buffer underrun vulnerability in Kernel.sprintf
CVE-2017-10784: Escape sequence injection vulnerability in the Basic
authentication of WEBrick
CVE-2017-14033: Buffer underrun vulnerability in OpenSSL ASN1 decode
CVE-2017-14064: Heap exposure in generating JSON
For more details, see the release notes:
https://www.ruby-lang.org/en/news/2017/09/14/ruby-2-4-2-released/
Drop now upstreamed rubygems patches and add hashes for the license files
while we're at it.
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Diffstat (limited to 'package/ruby/ruby.hash')
| -rw-r--r-- | package/ruby/ruby.hash | 8 |
1 files changed, 6 insertions, 2 deletions
diff --git a/package/ruby/ruby.hash b/package/ruby/ruby.hash index 624ce40f57..d066186d56 100644 --- a/package/ruby/ruby.hash +++ b/package/ruby/ruby.hash @@ -1,2 +1,6 @@ -# From https://www.ruby-lang.org/en/news/2017/03/22/ruby-2-4-1-released/ -sha256 4fc8a9992de3e90191de369270ea4b6c1b171b7941743614cc50822ddc1fe654 ruby-2.4.1.tar.xz +# From https://www.ruby-lang.org/en/news/2017/09/14/ruby-2-4-2-released/ +sha256 748a8980d30141bd1a4124e11745bb105b436fb1890826e0d2b9ea31af27f735 ruby-2.4.2.tar.xz +# License files, Locally calculated +sha256 5cda9584acd5e1096276a375085b7e659fa67a072fd69ec2c3931e54f7f563bb LEGAL +sha256 f5eb1b2956d5f7a67b2e5722a3749bc2fe86f9c580f2e3f5a08519cf073b5864 COPYING +sha256 a5e3042dacb53eebda91f3b1caefbfec8307711df8c4ed1ed20e4e97c43307a4 BSDL |
