gnu: ruby-2.7-fixed: Upgrade to 2.7.8 [fixes CVE-2023-{28755, 28756}]

Fixes: CVE-2023-28755 (ReDoS vulnerability in URI), and
CVE-2023-28756 (ReDoS vulnerability in Time).

* gnu/packages/ruby.scm (ruby-2.7-fixed): Update to 2.7.8.
(ruby-2.7)[replacement]: Graft.

Signed-off-by: Andreas Enge <andreas@enge.fr>
Remco van 't Veer 2023-05-19 13:09:17 +02:00 committed by Andreas Enge
parent 8927b20ba1
commit cb193c0dd1
GPG key ID: F7D5C9BF765C61E3


@ -163,6 +163,7 @@ (define-public ruby-2.7
(package
(inherit ruby-2.6)
(version "2.7.6")
(replacement ruby-2.7-fixed) ; security fixes
(source
(origin
(inherit (package-source ruby-2.6))
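Review bot: The "(replacement ruby-2.7-fixed)" line turns on a graft from the "2.7.6" shown just above it to a ruby-2.7-fixed that this patch moves to 2.7.8, and nothing in the commit message says dependents were exercised against the grafted interpreter. Grafted dependents are not rebuilt, so please build and run a few packages that depend on ruby-2.7 with the graft in place and mention that in the log. The trailing comment "; security fixes" would also be more useful if it named CVE-2023-28755 and CVE-2023-28756, so it is clear what has to be covered before the graft can be dropped.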
@ -200,7 +201,7 @@ (define-public ruby-2.7
(define ruby-2.7-fixed
(package
(inherit ruby-2.7)
(version "2.7.7")
(version "2.7.8")
(source
(origin
(inherit (package-source ruby-2.7))
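Review bot: The definition of ruby-2.7-fixed carries no comment explaining why it exists or when it can go away, and the version change here (2.7.7 to 2.7.8) is the second bump of the replacement while ruby-2.7 itself stays behind. Suggest a short comment above "(define ruby-2.7-fixed" stating that it is the graft target for ruby-2.7, listing the CVEs from the commit message, and noting that it should be removed once ruby-2.7 is updated to the same version.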
@ -209,7 +210,7 @@ (define ruby-2.7-fixed
"/ruby-" version ".tar.gz"))
(sha256
(base32
"143vih5jzmrd2r5h94pa3qzml0ldii0qzs6g09jg6zqxd7djf0g1"))))))
"182vni66djmiqagwzfsd0za7x9k3zag43b88c590aalgphybdnn2"))))))
(define-public ruby-3.0
(package
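Review bot: The new base32 string under "(sha256" is the only integrity anchor for the 2.7.8 tarball, and the commit message does not say how it was obtained. Please state that it comes from "guix download" of the "/ruby-" version ".tar.gz" URL and that the tarball's SHA256 was compared against the value published in the upstream release announcement, so a reviewer can reproduce the check.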