Remco van 't Veer <remco@remworks.net> writes:

> Fixes: CVE-2024-27280 (Buffer overread vulnerability in StringIO),
> CVE-2024-27281 (RCE vulnerability with .rdoc_options in RDoc),
> CVE-2024-27282 (Arbitrary memory address read vulnerability with Regex
> search), CVE-2025-27219 (Denial of Service in CGI::Cookie.parse)
> CVE-2025-27220 (ReDoS in CGI::Util#escapeElement), and
> CVE-2025-27221 (userinfo leakage in URI#join, URI#merge and URI#+).
>
> * gnu/packages/ruby.scm (ruby-3.1)[replacement]: New field pointing to ruby-3.1.7.
> * gnu/packages/ruby.scm (ruby-3.1.7): Add package.
>
> Change-Id: I9c4758f4622d5844cc9a23c2865a3d0210a4ebae
> ---
>
> Changes in this v2:
>
> * improve commit subject.
>
>  gnu/packages/ruby.scm | 19 ++++++++++++++++++-
>  1 file changed, 18 insertions(+), 1 deletion(-)

Thanks for the patch, I've pushed this to master as
72ac4a8fc6affa789df63382fc1b57c199d0c720.

Chris