code.ossystems Code Review - openembedded-core.git/commit
ruby: update to 2.4.3
author: Armin Kuster <akuster808@gmail.com>
Mon, 19 Feb 2018 21:06:35 +0000 (13:06 -0800)
committer: Richard Purdie <richard.purdie@linuxfoundation.org>
Sat, 3 Mar 2018 17:07:18 +0000 (17:07 +0000)
commit: 5bf664ba85c06d17c6e8c200301e42bc5fdab75e
tree: b49eafcd249b0ffb97bcce7a43847ee4acf9111e
parent: 4c1de18cb5d2bf4067246bf7242abde0f0917a3a
ruby: update to 2.4.3

This fixes a segfault in arm64 multilib.

Drop CVE-2017-14064.patch

Additional CVEs included in 2.4.3:
CVE-2017-17405: Command injection vulnerability in Net::FTP

Additional CVEs included in 2.4.2:
CVE-2017-0898: Buffer underrun vulnerability in Kernel.sprintf
CVE-2017-10784: Escape sequence injection vulnerability in the Basic authentication of WEBrick
CVE-2017-14033: Buffer underrun vulnerability in OpenSSL ASN1 decode
CVE-2017-14064: Heap exposure in generating JSON

Ruby Gems:
DNS request hijacking vulnerability. (CVE-2017-0902)
ANSI escape sequence vulnerability. (CVE-2017-0899)
DoS vulnerability in the query command. (CVE-2017-0900)
Vulnerability in the gem installer that allowed a malicious gem to overwrite arbitrary files. (CVE-2017-0901)

Signed-off-by: Armin Kuster <akuster808@gmail.com>
meta/recipes-devtools/ruby/ruby/CVE-2017-14064.patch [deleted file]
meta/recipes-devtools/ruby/ruby_2.4.3.bb [moved from meta/recipes-devtools/ruby/ruby_2.4.0.bb with 89% similarity]