| Message ID | 20240519172955.457904-1-fontaine.fabrice@gmail.com |
|---|---|
| State | Accepted |
| Headers | show |
| Series | [1/1] package/ruby: security bump to version 3.3.1 | expand |
Fabrice, All, On 2024-05-19 19:29 +0200, Fabrice Fontaine spake thusly: > This release includes security fixes: > - CVE-2024-27282: Arbitrary memory address read vulnerability with > Regex search > - CVE-2024-27281: RCE vulnerability with .rdoc_options in RDoc > - CVE-2024-27280: Buffer overread vulnerability in StringIO > > https://www.ruby-lang.org/en/news/2024/04/23/ruby-3-3-1-released/ > > Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com> Applied to master, thanks. Regards, Yann E. MORIN. > --- > package/ruby/ruby.hash | 4 ++-- > package/ruby/ruby.mk | 2 +- > 2 files changed, 3 insertions(+), 3 deletions(-) > > diff --git a/package/ruby/ruby.hash b/package/ruby/ruby.hash > index c729c59453..4ac6200bca 100644 > --- a/package/ruby/ruby.hash > +++ b/package/ruby/ruby.hash > @@ -1,5 +1,5 @@ > -# https://www.ruby-lang.org/en/news/2023/12/25/ruby-3-3-0-released/ > -sha512 7959c5753bfa0bfc4d6d74060869aabbe9815c1c97930659da11b917ee0803ddbbd80e869e00c48b8694b4ba48709c3b6493fd045568e36e902616c35ababf01 ruby-3.3.0.tar.xz > +# https://www.ruby-lang.org/en/news/2024/04/23/ruby-3-3-1-released/ > +sha512 c58e9be9b5ab48191fbf7d67e13f0ec42ee71ed338170e0f7b246708e9cfc617ce65098f5ce7ab32d4305e785642d3e44253462104d5b9c4abcb1a4113f48347 ruby-3.3.1.tar.xz > > # License files, Locally calculated > sha256 e849b28d324423e636a3e6bc5d583cdaf4bd046c2b20872c53886b612d01a4a1 LEGAL > diff --git a/package/ruby/ruby.mk b/package/ruby/ruby.mk > index 00fa0e0f65..fcc637c5ea 100644 > --- a/package/ruby/ruby.mk > +++ b/package/ruby/ruby.mk > @@ -5,7 +5,7 @@ > ################################################################################ > > RUBY_VERSION_MAJOR = 3.3 > -RUBY_VERSION = $(RUBY_VERSION_MAJOR).0 > +RUBY_VERSION = $(RUBY_VERSION_MAJOR).1 > RUBY_VERSION_EXT = 3.3.0 > RUBY_SITE = http://cache.ruby-lang.org/pub/ruby/$(RUBY_VERSION_MAJOR) > RUBY_SOURCE = ruby-$(RUBY_VERSION).tar.xz > -- > 2.43.0 > > _______________________________________________ > buildroot mailing list > buildroot@buildroot.org > https://lists.buildroot.org/mailman/listinfo/buildroot
diff --git a/package/ruby/ruby.hash b/package/ruby/ruby.hash index c729c59453..4ac6200bca 100644 --- a/package/ruby/ruby.hash +++ b/package/ruby/ruby.hash @@ -1,5 +1,5 @@ -# https://www.ruby-lang.org/en/news/2023/12/25/ruby-3-3-0-released/ -sha512 7959c5753bfa0bfc4d6d74060869aabbe9815c1c97930659da11b917ee0803ddbbd80e869e00c48b8694b4ba48709c3b6493fd045568e36e902616c35ababf01 ruby-3.3.0.tar.xz +# https://www.ruby-lang.org/en/news/2024/04/23/ruby-3-3-1-released/ +sha512 c58e9be9b5ab48191fbf7d67e13f0ec42ee71ed338170e0f7b246708e9cfc617ce65098f5ce7ab32d4305e785642d3e44253462104d5b9c4abcb1a4113f48347 ruby-3.3.1.tar.xz # License files, Locally calculated sha256 e849b28d324423e636a3e6bc5d583cdaf4bd046c2b20872c53886b612d01a4a1 LEGAL diff --git a/package/ruby/ruby.mk b/package/ruby/ruby.mk index 00fa0e0f65..fcc637c5ea 100644 --- a/package/ruby/ruby.mk +++ b/package/ruby/ruby.mk @@ -5,7 +5,7 @@ ################################################################################ RUBY_VERSION_MAJOR = 3.3 -RUBY_VERSION = $(RUBY_VERSION_MAJOR).0 +RUBY_VERSION = $(RUBY_VERSION_MAJOR).1 RUBY_VERSION_EXT = 3.3.0 RUBY_SITE = http://cache.ruby-lang.org/pub/ruby/$(RUBY_VERSION_MAJOR) RUBY_SOURCE = ruby-$(RUBY_VERSION).tar.xz
This release includes security fixes: - CVE-2024-27282: Arbitrary memory address read vulnerability with Regex search - CVE-2024-27281: RCE vulnerability with .rdoc_options in RDoc - CVE-2024-27280: Buffer overread vulnerability in StringIO https://www.ruby-lang.org/en/news/2024/04/23/ruby-3-3-1-released/ Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com> --- package/ruby/ruby.hash | 4 ++-- package/ruby/ruby.mk | 2 +- 2 files changed, 3 insertions(+), 3 deletions(-)