bug#62557: [PATCH] gnu: ruby-2.7-fixed: Upgrade to 2.7.8 [fixes CVE-2023

guix-patches

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

bug#62557: [PATCH] gnu: ruby-2.7-fixed: Upgrade to 2.7.8 [fixes CVE-2023

From:	Andreas Enge
Subject:	bug#62557: [PATCH] gnu: ruby-2.7-fixed: Upgrade to 2.7.8 [fixes CVE-2023-{28755, 28756}]
Date:	Tue, 23 May 2023 17:08:51 +0200

Am Fri, May 19, 2023 at 01:09:17PM +0200 schrieb Remco van 't Veer:
> Fixes: CVE-2023-28755 (ReDoS vulnerability in URI), and
> CVE-2023-28756 (ReDoS vulnerability in Time).
> * gnu/packages/ruby.scm (ruby-2.7-fixed): Update to 2.7.8.
> (ruby-2.7)[replacement]: Graft.

Sorry for the delay, I needed to read up on grafts first. Everything looks
good, a dependent package builds, so I have pushed this and am closing
the bug.

Thanks!

Andreas

[Prev in Thread]

Current Thread

[Next in Thread]

[bug#62557] [PATCH] gnu: ruby-2.7-fixed: Upgrade to 2.7.8 [fixes CVE-2023-{28755, 28756}], Remco van 't Veer, 2023/05/19
- bug#62557: [PATCH] gnu: ruby-2.7-fixed: Upgrade to 2.7.8 [fixes CVE-2023-{28755, 28756}], Andreas Enge <=

Prev by Date: [bug#63665] [PATCH] gnu: xonsh: Update to 0.14.0
Next by Date: [bug#63527] [PATCH v5 01/11] gnu: Add libpciaccess-0.17.
Previous by thread: [bug#62557] [PATCH] gnu: ruby-2.7-fixed: Upgrade to 2.7.8 [fixes CVE-2023-{28755, 28756}]
Next by thread: [bug#63583] gnu: bitcoin-core: Update to 24.1.
Index(es):
- Date
- Thread