[Buildroot] [PATCH] ruby: security bump to version 2.4.5

Peter Korsgaard peter at korsgaard.com
Tue Nov 13 23:12:34 UTC 2018


>>>>> "Peter" == Peter Korsgaard <peter at korsgaard.com> writes:

 > Fixes the following security issues:
 > - CVE-2018-16396: Tainted flags are not propagated in Array#pack and
 >   String#unpack with some directives
 > https://www.ruby-lang.org/en/news/2018/10/17/not-propagated-taint-flag-in-some-formats-of-pack-cve-2018-16396/

 > - CVE-2018-16395: OpenSSL::X509::Name equality check does not work correctly
 > https://www.ruby-lang.org/en/news/2018/10/17/openssl-x509-name-equality-check-does-not-work-correctly-cve-2018-16395/

 > Update hash of LEGAL as it had a few (wayback machine) URLs added/changed.

 > Signed-off-by: Peter Korsgaard <peter at korsgaard.com>

Committed to 2018.02.x and 2018.08.x, thanks.

-- 
Bye, Peter Korsgaard


More information about the buildroot mailing list