GNU bug report logs - #68567
[PATCH] gnu: ruby-3.2: Upgrade to 3.2.3 [fixes CVE-2023-36617].

Previous Next

Package: guix-patches;

Reported by: Remco van 't Veer <remco <at> remworks.net>

Date: Thu, 18 Jan 2024 11:08:02 UTC

Severity: normal

Tags: patch

Done: Andreas Enge <andreas <at> enge.fr>

Bug is archived. No further changes may be made.

To add a comment to this bug, you must first unarchive it, by sending
a message to control AT debbugs.gnu.org, with unarchive 68567 in the body.
You can then email your comments to 68567 AT debbugs.gnu.org in the normal way.

Toggle the display of automated, internal messages from the tracker.

View this report as an mbox folder, status mbox, maintainer mbox

Report forwarded to guix-patches <at> gnu.org:
bug#68567; Package guix-patches. (Thu, 18 Jan 2024 11:08:02 GMT) Full text and rfc822 format available.
Acknowledgement sent to Remco van 't Veer <remco <at> remworks.net>:
New bug report received and forwarded. Copy sent to guix-patches <at> gnu.org. (Thu, 18 Jan 2024 11:08:02 GMT) Full text and rfc822 format available.

Message #5 received at submit <at> debbugs.gnu.org (full text, mbox):

From: Remco van 't Veer <remco <at> remworks.net>
To: guix-patches <at> gnu.org
Cc: Remco van 't Veer <remco <at> remworks.net>
Subject: [PATCH] gnu: ruby-3.2: Upgrade to 3.2.3 [fixes CVE-2023-36617].
Date: Thu, 18 Jan 2024 12:02:17 +0100

Fixes: CVE-2023-36617 (ReDoS vulnerability in URI).

* gnu/packages/ruby.scm (ruby-3.2): Update to 3.2.3.
---
 gnu/packages/ruby.scm | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/gnu/packages/ruby.scm b/gnu/packages/ruby.scm
index 1490c783fa..59dc27e24f 100644
--- a/gnu/packages/ruby.scm
+++ b/gnu/packages/ruby.scm
@@ -29,7 +29,7 @@
 ;;; Copyright © 2020 Tomás Ortín Fernández <tomasortin <at> mailbox.org>
 ;;; Copyright © 2021 Giovanni Biscuolo <g <at> xelera.eu>
 ;;; Copyright © 2022 Philip McGrath <philip <at> philipmcgrath.com>
-;;; Copyright © 2022, 2023 Remco van 't Veer <remco <at> remworks.net>
+;;; Copyright © 2022-2024 Remco van 't Veer <remco <at> remworks.net>
 ;;; Copyright © 2022 Taiju HIGASHI <higashi <at> taiju.info>
 ;;; Copyright © 2023 Yovan Naumovski <yovan <at> gorski.stream>
 ;;; Copyright © 2023 gemmaro <gemmaro.dev <at> gmail.com>
@@ -273,7 +273,7 @@ (define-public ruby-3.1
 (define-public ruby-3.2
   (package
     (inherit ruby-3.1)
-    (version "3.2.2")
+    (version "3.2.3")
     (source
      (origin
        (method url-fetch)
@@ -282,7 +282,7 @@ (define-public ruby-3.2
                            "/ruby-" version ".tar.xz"))
        (sha256
         (base32
-         "08wy2ishjwbccfsrd0iwmyadbwjzrpyxnk74wcrf7163gq7jsdab"))))
+         "0ss7pb7f62sakq5ywpw3dl0v586cl61cd91qlm1i094c9fak3cng"))))
     (inputs
      (modify-inputs (package-inputs ruby-3.1)
        (prepend libyaml)))))
-- 
2.41.0
Reply sent to Andreas Enge <andreas <at> enge.fr>:
You have taken responsibility. (Mon, 12 Feb 2024 10:57:01 GMT) Full text and rfc822 format available.
Notification sent to Remco van 't Veer <remco <at> remworks.net>:
bug acknowledged by developer. (Mon, 12 Feb 2024 10:57:02 GMT) Full text and rfc822 format available.

Message #10 received at 68567-done <at> debbugs.gnu.org (full text, mbox):

From: Andreas Enge <andreas <at> enge.fr>
To: 68567-done <at> debbugs.gnu.org
Subject: Close
Date: Mon, 12 Feb 2024 11:50:48 +0100

Pushed, thanks!

Andreas
bug archived. Request was from Debbugs Internal Request <help-debbugs <at> gnu.org> to internal_control <at> debbugs.gnu.org. (Mon, 11 Mar 2024 11:24:10 GMT) Full text and rfc822 format available.
This bug report was last modified 1 year and 99 days ago.

Previous Next

GNU bug tracking system
Copyright (C) 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson.