GNU bug report logs - #62557
[PATCH] gnu: ruby-2.7-fixed: Upgrade to 2.7.8 [fixes CVE-2023-{28755, 28756}]

Package: guix-patches;

Reported by: Remco van 't Veer <remco <at> remworks.net>

Date: Fri, 31 Mar 2023 05:25:01 UTC

Severity: normal

Tags: patch

Done: Andreas Enge <andreas <at> enge.fr>

Bug is archived. No further changes may be made.


Message #13 received at 62557-done <at> debbugs.gnu.org (full text, mbox):

From: Andreas Enge <andreas <at> enge.fr>
To: Remco van 't Veer <remco <at> remworks.net>
Cc: Christopher Baines <mail <at> cbaines.net>, 62557-done <at> debbugs.gnu.org
Subject: Re: [PATCH] gnu: ruby-2.7-fixed: Upgrade to 2.7.8 [fixes CVE-2023-{28755,28756}]
Date: Tue, 23 May 2023 17:08:51 +0200

On Fri, May 19, 2023 at 01:09:17PM +0200, Remco van 't Veer wrote:
> Fixes: CVE-2023-28755 (ReDoS vulnerability in URI), and
> CVE-2023-28756 (ReDoS vulnerability in Time).
> * gnu/packages/ruby.scm (ruby-2.7-fixed): Update to 2.7.8.
> (ruby-2.7)[replacement]: Graft.

Sorry for the delay, I needed to read up on grafts first. Everything looks
good, a dependent package builds, so I have pushed this and am closing
the bug.

Thanks!

Andreas





This bug report was last modified 2 years and 2 days ago.
