guix/gnu/packages/ruby.scm at ef03ca5a00aba012ebcf7104fcd057159ed86cf0

mirror of https://git.savannah.gnu.org/git/guix.git synced 2026-04-09 06:30:36 +02:00

Files

Remco van 't Veer 72ac4a8fc6 gnu: ruby: Replace with 3.1.7.

Fixes: CVE-2024-27280 (Buffer overread vulnerability in StringIO),
CVE-2024-27281 (RCE vulnerability with .rdoc_options in RDoc),
CVE-2024-27282 (Arbitrary memory address read vulnerability with Regex
search), CVE-2025-27219 (Denial of Service in CGI::Cookie.parse)
CVE-2025-27220 (ReDoS in CGI::Util#escapeElement), and
CVE-2025-27221 (userinfo leakage in URI#join, URI#merge and URI#+).

* gnu/packages/ruby.scm (ruby-3.1.7): New variable.
(ruby-3.1)[replacement]: Replace with ruby-3.1.7.

Change-Id: I9c4758f4622d5844cc9a23c2865a3d0210a4ebae
Signed-off-by: Christopher Baines <mail@cbaines.net>

2025-05-26 16:09:51 +01:00

666 KiB

Raw Blame History

View Raw

666 KiB Raw Blame History

666 KiB

Raw Blame History