GNU bug report logs - #59585
[PATCH] gnu: ruby-3.0: Update to 3.1.3. [security fixes].

Reported by: Remco van 't Veer <remco <at> remworks.net>

Date: Fri, 25 Nov 2022 19:42:01 UTC

Severity: normal

Tags: patch

Done: Christopher Baines <mail <at> cbaines.net>

Bug is archived. No further changes may be made.

To add a comment to this bug, you must first unarchive it, by sending
a message to control AT debbugs.gnu.org, with unarchive 59585 in the body.
You can then email your comments to 59585 AT debbugs.gnu.org in the normal way.

Toggle the display of automated, internal messages from the tracker.

View this report as an mbox folder, status mbox, maintainer mbox

Report forwarded to guix-patches <at> gnu.org:
bug#59585; Package guix-patches. (Fri, 25 Nov 2022 19:42:01 GMT) Full text and rfc822 format available.

Acknowledgement sent to Remco van 't Veer <remco <at> remworks.net>:
New bug report received and forwarded. Copy sent to guix-patches <at> gnu.org. (Fri, 25 Nov 2022 19:42:01 GMT) Full text and rfc822 format available.

Message #5 received at submit <at> debbugs.gnu.org (full text, mbox):

From: Remco van 't Veer <remco <at> remworks.net>
To: guix-patches <at> gnu.org
Cc: Remco van 't Veer <remco <at> remworks.net>
Subject: [PATCH] gnu: ruby-3.0: Update to 3.1.3. [security fixes].
Date: Fri, 25 Nov 2022 20:40:52 +0100

Fixes: CVE-2021-33621: HTTP response splitting in CGI.

* gnu/packages/ruby.scm (ruby-3.1): Update to 3.1.3.
---
 gnu/packages/ruby.scm | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/gnu/packages/ruby.scm b/gnu/packages/ruby.scm
index b53aa02ef3..375b09fd72 100644
--- a/gnu/packages/ruby.scm
+++ b/gnu/packages/ruby.scm
@@ -225,7 +225,7 @@ (define-public ruby-3.0
 (define-public ruby-3.1
   (package
     (inherit ruby-3.0)
-    (version "3.1.2")
+    (version "3.1.3")
     (source
      (origin
        (method url-fetch)
@@ -234,7 +234,7 @@ (define-public ruby-3.1
                            "/ruby-" version ".tar.xz"))
        (sha256
         (base32
-         "0amzqczgvr51ilcqfgw0n41hrfanzi0wh8k6am3x5dm1z0bx046a"))))))
+         "06ipqz45qcs0y1273gk2gwslxwd7jgighz3mzbddzg16k29n3qaf"))))))
 
 (define-public ruby ruby-2.7)
 
-- 
2.38.1

Information forwarded to guix-patches <at> gnu.org:
bug#59585; Package guix-patches. (Fri, 25 Nov 2022 20:37:01 GMT) Full text and rfc822 format available.

Message #8 received at 59585 <at> debbugs.gnu.org (full text, mbox):

From: Remco van 't Veer <remco <at> remworks.net>
To: 59585 <at> debbugs.gnu.org
Cc: Remco van 't Veer <remco <at> remworks.net>
Subject: [PATCH v2] gnu: ruby-3.1: Update to 3.1.3. [security fixes].
Date: Fri, 25 Nov 2022 21:36:47 +0100

Fixes: CVE-2021-33621: HTTP response splitting in CGI.

* gnu/packages/ruby.scm (ruby-3.1): Update to 3.1.3.
---

Oeps, sorry.  Copy paste error in commit message.

 gnu/packages/ruby.scm | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/gnu/packages/ruby.scm b/gnu/packages/ruby.scm
index b53aa02ef3..375b09fd72 100644
--- a/gnu/packages/ruby.scm
+++ b/gnu/packages/ruby.scm
@@ -225,7 +225,7 @@ (define-public ruby-3.0
 (define-public ruby-3.1
   (package
     (inherit ruby-3.0)
-    (version "3.1.2")
+    (version "3.1.3")
     (source
      (origin
        (method url-fetch)
@@ -234,7 +234,7 @@ (define-public ruby-3.1
                            "/ruby-" version ".tar.xz"))
        (sha256
         (base32
-         "0amzqczgvr51ilcqfgw0n41hrfanzi0wh8k6am3x5dm1z0bx046a"))))))
+         "06ipqz45qcs0y1273gk2gwslxwd7jgighz3mzbddzg16k29n3qaf"))))))
 
 (define-public ruby ruby-2.7)
 
-- 
2.38.1

Reply sent to Christopher Baines <mail <at> cbaines.net>:
You have taken responsibility. (Tue, 06 Dec 2022 11:36:01 GMT) Full text and rfc822 format available.

Notification sent to Remco van 't Veer <remco <at> remworks.net>:
bug acknowledged by developer. (Tue, 06 Dec 2022 11:36:02 GMT) Full text and rfc822 format available.

Message #13 received at 59585-done <at> debbugs.gnu.org (full text, mbox):

From: Christopher Baines <mail <at> cbaines.net>
To: Remco van 't Veer <remco <at> remworks.net>
Cc: guix-patches <at> gnu.org, 59585-done <at> debbugs.gnu.org
Subject: Re: [bug#59585] [PATCH v2] gnu: ruby-3.1: Update to 3.1.3.
 [security fixes].
Date: Tue, 06 Dec 2022 11:35:25 +0000

[Message part 1 (text/plain, inline)]

Remco van 't Veer <remco <at> remworks.net> writes:

> Fixes: CVE-2021-33621: HTTP response splitting in CGI.
>
> * gnu/packages/ruby.scm (ruby-3.1): Update to 3.1.3.
> ---
>
> Oeps, sorry.  Copy paste error in commit message.
>
>  gnu/packages/ruby.scm | 4 ++--
>  1 file changed, 2 insertions(+), 2 deletions(-)

Awesome, I've pushed this to master as
b573af1165081fa8be6afa15a5f54e148125c8f2.

Thanks,

Chris

[signature.asc (application/pgp-signature, inline)]

Information forwarded to guix-patches <at> gnu.org:
bug#59585; Package guix-patches. (Tue, 06 Dec 2022 11:37:01 GMT) Full text and rfc822 format available.

bug archived. Request was from Debbugs Internal Request <help-debbugs <at> gnu.org> to internal_control <at> debbugs.gnu.org. (Tue, 03 Jan 2023 12:24:13 GMT) Full text and rfc822 format available.

This bug report was last modified 2 years and 246 days ago.

Previous Next

GNU bug tracking system
Copyright (C) 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson.

GNU bug report logs - #59585 [PATCH] gnu: ruby-3.0: Update to 3.1.3. [security fixes].

GNU bug report logs - #59585
[PATCH] gnu: ruby-3.0: Update to 3.1.3. [security fixes].