diff options
author | Armin Kuster <akuster808@gmail.com> | 2018-02-19 13:06:35 -0800 |
---|---|---|
committer | Richard Purdie <richard.purdie@linuxfoundation.org> | 2018-03-04 11:12:12 +0000 |
commit | c323026d9ca3f57628dca4114ed394a279637427 (patch) | |
tree | 9152e5fcddf83c40946b79c0e75f43caf8c4b2f4 /meta/recipes-extended/slang | |
parent | 3c735b01da4ddcf81b426b9f032e8f8494401fae (diff) | |
download | poky-c323026d9ca3f57628dca4114ed394a279637427.tar.gz |
ruby: update to 2.4.3
This fixes a segfault in arm64 multilib.
Drop CVE-2017-14064.patch
Additional CVE included are 2.4.3:
CVE-2017-17405: Command injection vulnerability in Net::FTP
Additional CVE included are 2.4.2:
CVE-2017-0898: Buffer underrun vulnerability in Kernel.sprintf
CVE-2017-10784: Escape sequence injection vulnerability in the Basic authentication of WEBrick
CVE-2017-14033: Buffer underrun vulnerability in OpenSSL ASN1 decode
CVE-2017-14064: Heap exposure in generating JSON
Ruby Gems:
DNS request hijacking vulnerability. (CVE-2017-0902)
ANSI escape sequence vulnerability. (CVE-2017-0899)
DoS vulnerability in the query command. (CVE-2017-0900)
vulnerability in the gem installer that allowed a malicious gem to overwrite arbitrary files. (CVE-2017-0901)
(From OE-Core rev: 5bf664ba85c06d17c6e8c200301e42bc5fdab75e)
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Diffstat (limited to 'meta/recipes-extended/slang')
0 files changed, 0 insertions, 0 deletions