pkgsrc Source-Changes / commit log search

2024-05-23 22:21:22 UTC Now

2018-03-29 03:04:47 UTC MAIN commitmail json YAML

pkgsrc/lang/ruby/rubyversion.mk@1.192 / diff
pkgsrc/lang/ruby24-base/Makefile@1.8 / diff
pkgsrc/lang/ruby24-base/distinfo@1.9 / diff
pkgsrc/lang/ruby24-base/patches/patch-man_erb.1 deleted
pkgsrc/lang/ruby24-base/patches/patch-man_irb.1 deleted
pkgsrc/lang/ruby24-base/patches/patch-man_ri.1 deleted
pkgsrc/lang/ruby24-base/patches/patch-man_ruby.1 deleted

lang/ruby24-base: update to 2.4.4, security release

Ruby 2.4.4 Released Posted by nagachika on 28 Mar 2018

Ruby 2.4.4 has been released.

This release includes some bug fixes and some security fixes.

* CVE-2017-17742: HTTP response splitting in WEBrick
* CVE-2018-6914: Unintentional file and directory creation with directory
traversal in tempfile and tmpdir
* CVE-2018-8777: DoS by large request in WEBrick
* CVE-2018-8778: Buffer under-read in String#unpack
* CVE-2018-8779: Unintentional socket creation by poisoned NUL byte in
UNIXServer and UNIXSocket
* CVE-2018-8780: Unintentional directory traversal by poisoned NUL byte in Dir
* Multiple vulnerabilities in RubyGems

There are also some bug fixes. See commit logs for more details.

(taca)