mirrors/poky
1
0
Fork 0
mirror of https://git.yoctoproject.org/poky synced 2026-02-09 10:13:03 +01:00
Code Issues Packages Projects Releases Wiki Activity
68,316 Commits 38 Branches 617 Tags
1c798dccd1a8735305d2f8a855496cfb40ba520c
Commit Graph

7 Commits

Author SHA1 Message Date
Ashish Sharma
6d58d0c4a2 ruby: backport fix for CVE-2024-27282 
Upstream-Status: Backport [989a235580]
(From OE-Core rev: 94a0350058e51c4b05bf5d4e02d048c2e6256725)

Signed-off-by: Ashish Sharma <asharma@mvista.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
 2024-07-24 07:51:58 -07:00
Yogita Urade
52f1435174 ruby: fix CVE-2024-27280 
A buffer-overread issue was discovered in StringIO 3.0.1, as
distributed in Ruby 3.0.x through 3.0.6 and 3.1.x through
3.1.4. The ungetbyte and ungetc methods on a StringIO can
read past the end of a string, and a subsequent call to
StringIO.gets may return the memory value. 3.0.3 is the main
fixed version; however, for Ruby 3.0 users, a fixed version
is stringio 3.0.1.1, and for Ruby 3.1 users, a fixed version
is stringio 3.0.1.2.

Reference:
https://nvd.nist.gov/vuln/detail/CVE-2024-27280

(From OE-Core rev: 729310d17310dff955c51811ff3339fdbc017b95)

Signed-off-by: Yogita Urade <yogita.urade@windriver.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
 2024-06-26 05:04:39 -07:00
Yogita Urade
70c869275a ruby: fix CVE-2024-27281 
ruby: RCE vulnerability with .rdoc_options in RDoc

References:
https://github.com/ruby/ruby/pull/10316
https://security-tracker.debian.org/tracker/CVE-2024-27281

(From OE-Core rev: d01b73c51ceead4911a9a9306dbe728f1db2e029)

Signed-off-by: Yogita Urade <yogita.urade@windriver.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
 2024-04-21 06:33:34 -07:00
Meenali Gupta
a54b91946c ruby: fix CVE-2023-36617 
Backport two patches [1] [2] to fix CVE-2023-36617

(From OE-Core rev: 7a40082e4e080eaf5f88bd24f7169b7731028529)

Signed-off-by: Meenali Gupta <meenali.gupta@windriver.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
 2023-09-30 09:43:59 -10:00
Mingli Yu
6cff3875fe ruby: Fix CVE-2023-28755 
Backport patch [1] to fix CVE-2023-28755.

[1] 8ce4ab1464

(From OE-Core rev: 605634cf1adef2d9cf6dc6fdf17aa4032385497f)

Signed-off-by: Mingli Yu <mingli.yu@windriver.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
 2023-05-03 04:17:12 -10:00
Hitendra Prajapati
be5ebd6b3f ruby: CVE-2023-28756 ReDoS vulnerability in Time 
Upstream-Status: Backport from 957bb7cb81

(From OE-Core rev: 0f8eb0505e19ccd27e1b91f27285a9fc87f2aa93)

Signed-off-by: Hitendra Prajapati <hprajapati@mvista.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
 2023-04-26 04:03:21 -10:00
Alexander Kanavin
1aa3cb0169 ruby: update 3.1.2 -> 3.1.3 
(From OE-Core rev: 3e43f3925bce640999a25ceb855a77d8cd0afd26)

Signed-off-by: Alexander Kanavin <alex@linutronix.de>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
(cherry picked from commit 402254a5f841520b132508c21465111d33b6eb1a)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
 2023-01-06 17:33:23 +00:00