GNU bug report logs - #62557
[PATCH] gnu: ruby-2.7-fixed: Upgrade to 2.7.8 [fixes CVE-2023-{28755, 28756}]

Previous Next

Full log

View this message in rfc822 format

From: Remco van 't Veer <remco <at> remworks.net>
To: 62557 <at> debbugs.gnu.org
Cc: guix-devel <at> gnu.org, Andreas Enge <andreas <at> enge.fr>, Christopher Baines <mail <at> cbaines.net>, Remco van 't Veer <remco <at> remworks.net>, Christopher Baines <mail <at> cbaines.net>
Subject: [bug#62557] [PATCH] gnu: ruby-2.7-fixed: Upgrade to 2.7.8 [fixes CVE-2023-{28755, 28756}]
Date: Fri, 19 May 2023 13:09:17 +0200

Fixes: CVE-2023-28755 (ReDoS vulnerability in URI), and
CVE-2023-28756 (ReDoS vulnerability in Time).

* gnu/packages/ruby.scm (ruby-2.7-fixed): Update to 2.7.8.
(ruby-2.7)[replacement]: Graft.
---
 gnu/packages/ruby.scm | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

diff --git a/gnu/packages/ruby.scm b/gnu/packages/ruby.scm
index dbd4127343..eb84367d15 100644
--- a/gnu/packages/ruby.scm
+++ b/gnu/packages/ruby.scm
@@ -163,6 +163,7 @@ (define-public ruby-2.7
   (package
     (inherit ruby-2.6)
     (version "2.7.6")
+    (replacement ruby-2.7-fixed) ; security fixes
     (source
      (origin
        (inherit (package-source ruby-2.6))
@@ -200,7 +201,7 @@ (define-public ruby-2.7
 (define ruby-2.7-fixed
   (package
     (inherit ruby-2.7)
-    (version "2.7.7")
+    (version "2.7.8")
     (source
      (origin
        (inherit (package-source ruby-2.7))
@@ -209,7 +210,7 @@ (define ruby-2.7-fixed
                            "/ruby-" version ".tar.gz"))
        (sha256
         (base32
-         "143vih5jzmrd2r5h94pa3qzml0ldii0qzs6g09jg6zqxd7djf0g1"))))))
+         "182vni66djmiqagwzfsd0za7x9k3zag43b88c590aalgphybdnn2"))))))
 
 (define-public ruby-3.0
   (package

base-commit: 14c03807ba4bc81d42cf869f5b827f7da54ff843
-- 
2.40.1

Previous Next

GNU bug tracking system
Copyright (C) 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson.