2 Commits

Author SHA1 Message Date
Mingli Yu
452cc7b484 ruby: Fix CVE-2023-36617
Backport two patches [1] [2] to fix CVE-2023-36617 [3].

[1] 9010ee2536
[2] 9d7bcef1e6
[3] https://www.ruby-lang.org/en/news/2023/06/29/redos-in-uri-CVE-2023-36617/

(From OE-Core rev: 403a24f02600e2462e8ccfbb42651e15e002bd2e)

Signed-off-by: Mingli Yu <mingli.yu@windriver.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
2023-08-01 06:17:27 -10:00
Wang Mingyu
e37179d270 ruby: upgrade 3.2.1 -> 3.2.2
Ruby 3.1.2

CVE-2022-28738: Double free in Regexp compilation.
CVE-2022-28739: Buffer overrun in String-to-Float conversion.

(From OE-Core rev: f1741f1b2fe10d62331a11df6bbd312ae71bffa5)

Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
(cherry picked from commit b261bc704839b12769118f6f1c4207f3d19fe4fd)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
2023-05-10 04:16:51 -10:00