Update rubygems package to 2.0.10. This is security fix for CVE-2013-4363. - pkgsrc

diff options

author	taca <taca@pkgsrc.org>	2013-09-30 03:12:59 +0000
committer	taca <taca@pkgsrc.org>	2013-09-30 03:12:59 +0000
commit	d62528f334be53165376b87e58adb10e036a0298 (patch)
tree	266a5203b565aa18e88cac974b9d9f016e55fa67 /regress/barrier
parent	13f193e9c23b6a271d4c64d7aa7ea9abc33bc090 (diff)
download	pkgsrc-d62528f334be53165376b87e58adb10e036a0298.tar.gz

Update rubygems package to 2.0.10. This is security fix for CVE-2013-4363.

=== 2.0.10 / 2013-09-24 Security fixes: * RubyGems 2.1.4 and earlier are vulnerable to excessive CPU usage due to a backtracking in Gem::Version validation. See CVE-2013-4363 for full details including vulnerable APIs. Fixed versions include 2.1.5, 2.0.10, 1.8.27 and 1.8.23.2 (for Ruby 1.9.3). === 2.0.9 / 2013-09-13 Bug fixes: * Gem fetch now fetches the newest (not oldest) gem when --version is given. Issue #643 by Brian Shirai. * Fixed credential creation for `gem push` when `--host` is not given. Pull request #622 by Arthur Nogueira Neves

Diffstat (limited to 'regress/barrier')

0 files changed, 0 insertions, 0 deletions


context:
space:
mode: