ruby: fix CVE-2025-27221 - linux/poky.git - Mirror of git.yoctoproject.org/poky

diff options

author	Divya Chellam <divya.chellam@windriver.com>	2025-05-23 18:53:53 +0530
committer	Steve Sakoman <steve@sakoman.com>	2025-05-28 08:46:32 -0700
commit	32d2b233c6b194992c8125728d4230d748be0659 (patch)
tree	749f5075f9a46c21cb9bbc3a4835d7e8de7ede77 /documentation/dev-manual/python-development-shell.rst
parent	097732e0574126222472eeabda9417072b5ac3f8 (diff)
download	poky-32d2b233c6b194992c8125728d4230d748be0659.tar.gz

ruby: fix CVE-2025-27221

In the URI gem before 1.0.3 for Ruby, the URI handling methods (URI.join, URI#merge, URI#+) have an inadvertent leakage of authentication credentials because userinfo is retained even after changing the host. Reference: https://security-tracker.debian.org/tracker/CVE-2025-27221 Upstream-patches: https://github.com/ruby/uri/commit/3675494839112b64d5f082a9068237b277ed1495 https://github.com/ruby/uri/commit/2789182478f42ccbb62197f952eb730e4f02bfc5 (From OE-Core rev: c77ff1288719d90ef257dfe28cb33b3768fc124a) Signed-off-by: Divya Chellam <divya.chellam@windriver.com> Signed-off-by: Steve Sakoman <steve@sakoman.com>

Diffstat (limited to 'documentation/dev-manual/python-development-shell.rst')

0 files changed, 0 insertions, 0 deletions


context:
space:
mode: