authorNatanael Copa <ncopa@alpinelinux.org>2018-03-29 14:13:19 +0000
committerNatanael Copa <ncopa@alpinelinux.org>2018-03-29 16:32:44 +0200
commit1779cab830661bf6686eb27c5b5c3117f8b91cee (patch)
tree0cead2ab202bba7274b8279e6288c1c0e13fdfe4
parent1308713a57c313602159ec24e457dc05f4865c60 (diff)
main/ruby: security upgrade to 2.3.7
CVE-2017-17742: HTTP response splitting in WEBrick
CVE-2018-6914: Unintentional file and directory creation with directory traversal in tempfile and tmpdir
CVE-2018-8777: DoS by large request in WEBrick
CVE-2018-8778: Buffer under-read in String#unpack
CVE-2018-8779: Unintentional socket creation by poisoned NUL byte in UNIXServer and UNIXSocket
CVE-2018-8780: Unintentional directory traversal by poisoned NUL byte in Dir

fixes #8750
-rw-r--r--main/ruby/APKBUILD13
1 files changed, 11 insertions, 2 deletions
diff --git a/main/ruby/APKBUILD b/main/ruby/APKBUILD
index d3f24ab745..8ceed343ff 100644
--- a/main/ruby/APKBUILD
+++ b/main/ruby/APKBUILD
@@ -2,6 +2,13 @@
# Maintainer: Natanael Copa <ncopa@alpinelinux.org>
#
# secfixes:
+# 2.3.7-r0:
+# - CVE-2017-17742
+# - CVE-2018-6914
+# - CVE-2018-8777
+# - CVE-2018-8778
+# - CVE-2018-8779
+# - CVE-2018-8780
# 2.3.5-r0:
# - CVE-2017-0898
# - CVE-2017-10784
@@ -15,7 +22,7 @@
# - CVE-2017-17405
#
pkgname=ruby
-pkgver=2.3.6
+pkgver=2.3.7
_pkgver=${pkgver/_/-}
pkgrel=0
@@ -212,4 +219,6 @@ libs() {
mv "$pkgdir"/usr/lib "$subpkgdir"/usr/
}
-sha512sums="bc3c7a115745a38e44bd91eb5637b1e412011c471d9749db7960185ef75737b944dd0e524f22432809649952ca7d93f46d458990e9cd2b0db5ca8abf4bc8ea99 ruby-2.3.6.tar.bz2"
+md5sums="5eb580d5cd13ffb5aacfb96580c0043d ruby-2.3.7.tar.bz2"
+sha256sums="18b12fafaf37d5f6c7139c1b445355aec76baa625a40300598a6c8597fc04d8e ruby-2.3.7.tar.bz2"
+sha512sums="e72754f7703f0706c4b0bccd053035536053451fe069a55427984cc0bc5692b86bd51c243c5f62f78527c66b08300d2e4aa19b73e6ded13d6020aa2450e66a7d ruby-2.3.7.tar.bz2"
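Review bot: The added `md5sums` and `sha256sums` lines at the end of the APKBUILD are redundant next to `sha512sums`, which was the only checksum list the file carried before this change. MD5 is not collision-resistant, so it adds no integrity assurance for the source tarball of a security upgrade. If abuild verifies only the strongest list present (worth confirming against the abuild version in use), the two weaker lists are unverified metadata that can drift on later bumps. I would keep only the `sha512sums="… ruby-2.3.7.tar.bz2"` line and confirm that digest against the one published with the upstream 2.3.7 release before merging.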