mirror of
https://git.yoctoproject.org/poky
synced 2026-02-10 02:33:02 +01:00
32d2b233c6
In the URI gem before 1.0.3 for Ruby, the URI handling methods (URI.join, URI#merge, URI#+) have an inadvertent leakage of authentication credentials because userinfo is retained even after changing the host. Reference: https://security-tracker.debian.org/tracker/CVE-2025-27221 Upstream-patches:36754948392789182478(From OE-Core rev: c77ff1288719d90ef257dfe28cb33b3768fc124a) Signed-off-by: Divya Chellam <divya.chellam@windriver.com> Signed-off-by: Steve Sakoman <steve@sakoman.com>