---
- branch: MAIN
  date: Sat Mar 28 04:12:16 UTC 2015
  files:
  - new: '1.3'
    old: '1.2'
    path: pkgsrc/www/ruby-rest-client/Makefile
    pathrev: pkgsrc/www/ruby-rest-client/Makefile@1.3
    type: modified
  - new: '1.3'
    old: '1.2'
    path: pkgsrc/www/ruby-rest-client/distinfo
    pathrev: pkgsrc/www/ruby-rest-client/distinfo@1.3
    type: modified
  id: 20150328T041216Z.5c0cb9eef64055ce53f8b0be5db3af390cdb09fa
  log: |
    Update ruby-rest-client to 1.8.0, security fix.

    # 1.8.0

    - Security: implement standards compliant cookie handling by adding a
      dependency on http-cookie. This breaks compatibility, but was necessary to
      address a session fixation / cookie disclosure vulnerability.
      (#369 / CVE-2015-1820)

      Previously, any Set-Cookie headers found in an HTTP 30x response would be
      sent to the redirection target, regardless of domain. Responses now expose a
      cookie jar and respect standards compliant domain / path flags in Set-Cookie
      headers.
  module: pkgsrc
  subject: 'CVS commit: pkgsrc/www/ruby-rest-client'
  unixtime: '1427515936'
  user: taca