Date: Thu, 19 Jan 2023 13:58:19 +0000
From: "Takahiro Kambe"
Subject: CVS commit: pkgsrc/devel/ruby-globalid
To: pkgsrc-changes@NetBSD.org
Reply-To: taca@netbsd.org
Message-Id: <20230119135819.BEC3CFA90@cvs.NetBSD.org>

Module Name:	pkgsrc
Committed By:	taca
Date:		Thu Jan 19 13:58:19 UTC 2023

Modified Files:
	pkgsrc/devel/ruby-globalid: Makefile distinfo

Log Message:
devel/ruby-globalid: update to 1.0.1

1.0.1 (2023-01-17)

Possible ReDoS based DoS vulnerability in GlobalID

There is a ReDoS based DoS vulnerability in the GlobalID gem. This
vulnerability has been assigned the CVE identifier CVE-2023-22799.

Versions Affected: >= 0.2.1
Not affected: NOTAFFECTED
Fixed Versions: 1.0.1

Impact

There is a possible DoS vulnerability in the model name parsing section of
the GlobalID gem. Carefully crafted input can cause the regular expression
engine to take an unexpected amount of time. All users running an affected
release should either upgrade or use one of the workarounds immediately.

Releases

The FIXED releases are available at the normal locations.

Workarounds

There are no feasible workarounds for this issue.

Credits

Thank you ooooooo_k for reporting this!

To generate a diff of this commit:
cvs rdiff -u -r1.13 -r1.14 pkgsrc/devel/ruby-globalid/Makefile
cvs rdiff -u -r1.7 -r1.8 pkgsrc/devel/ruby-globalid/distinfo

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.
--_----------=_167413669981830 Content-Disposition: inline Content-Length: 1519 Content-Transfer-Encoding: binary Content-Type: text/x-diff; charset=us-ascii Modified files: Index: pkgsrc/devel/ruby-globalid/Makefile diff -u pkgsrc/devel/ruby-globalid/Makefile:1.13 pkgsrc/devel/ruby-globalid/Makefile:1.14 --- pkgsrc/devel/ruby-globalid/Makefile:1.13 Sun Nov 28 07:55:48 2021 +++ pkgsrc/devel/ruby-globalid/Makefile Thu Jan 19 13:58:19 2023 @@ -1,6 +1,6 @@ -# $NetBSD: Makefile,v 1.13 2021/11/28 07:55:48 taca Exp $ +# $NetBSD: Makefile,v 1.14 2023/01/19 13:58:19 taca Exp $ -DISTNAME= globalid-1.0.0 +DISTNAME= globalid-1.0.1 CATEGORIES= devel MAINTAINER= minskim@NetBSD.org Index: pkgsrc/devel/ruby-globalid/distinfo diff -u pkgsrc/devel/ruby-globalid/distinfo:1.7 pkgsrc/devel/ruby-globalid/distinfo:1.8 --- pkgsrc/devel/ruby-globalid/distinfo:1.7 Sun Nov 28 07:55:48 2021 +++ pkgsrc/devel/ruby-globalid/distinfo Thu Jan 19 13:58:19 2023 @@ -1,5 +1,5 @@ -$NetBSD: distinfo,v 1.7 2021/11/28 07:55:48 taca Exp $ +$NetBSD: distinfo,v 1.8 2023/01/19 13:58:19 taca Exp $ -BLAKE2s (globalid-1.0.0.gem) = 13e791b691a3bf28aadbdd649e5983e3942a08659c0975ef40ff01e5ed289974 -SHA512 (globalid-1.0.0.gem) = 69f7e38359fa8d78c77e66d38a42b6e2828c43a0cda1350a33598df4b7b7fa4615c508a6945ca53e3a67ba1cbb9d22aeec78ca1a21e5b88015f5deb0fb194bb9 -Size (globalid-1.0.0.gem) = 13824 bytes +BLAKE2s (globalid-1.0.1.gem) = 0285bf7f4a2774e07ec3d30d0b5906d12601189be6ba26100a66652d3cce24bd +SHA512 (globalid-1.0.1.gem) = 407f975ee4ed46f7082c97b90fd44b6a77b775a0355e12e3bed303cc519d074097a0db61b4ca5cc7eeda03de2d254cbda59c921b890146d046deef8fde2ef976 +Size (globalid-1.0.1.gem) = 13824 bytes --_----------=_167413669981830--
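Review bot: In the distinfo hunk, the Size line for globalid-1.0.1.gem is still 13824 bytes, identical to the removed 1.0.0 entry, while both the BLAKE2s and SHA512 values changed. A .gem file is a tar archive padded to 512-byte blocks (13824 = 27 x 512), so an unchanged size across a small patch release is plausible, but please confirm that all three lines were regenerated from the freshly fetched 1.0.1 gem and that the Size line was not carried over by hand. Since the log message marks this as the fix for CVE-2023-22799, it is worth stating in the log that the checksums were regenerated against the upstream 1.0.1 distfile.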