author Divya Chellam <divya.chellam@windriver.com> 2025-11-20 15:07:22 +0530
committer Steve Sakoman <steve@sakoman.com> 2025-12-01 06:50:49 -0800
commit 6639c7b29502bed5ce1bfb0abcfd4dc09b3e1da6 (patch)
tree b37a3c727ab72195aa5d35ac8b9e917531ae9480 /meta/recipes-devtools/python
parent 7c4bd642e4ce30e2a7504fcd4fe12fca2f6b91e1 (diff)
ruby: fix CVE-2024-41123
REXML is an XML toolkit for Ruby. The REXML gem before 3.3.2 has some DoS vulnerabilities when it parses an XML that has many specific characters such as whitespace character, `>]` and `]>`. The REXML gem 3.3.3 or later includes the patches to fix these vulnerabilities.

Reference:
https://nvd.nist.gov/vuln/detail/CVE-2024-41123

Upstream-patches:
https://github.com/ruby/rexml/commit/2c39c91a65d69357cfbc35dd8079b3606d86bb70
https://github.com/ruby/rexml/commit/4444a04ece4c02a7bd51e8c75623f22dc12d882b
https://github.com/ruby/rexml/commit/ebc3e85bfa2796fb4922c1932760bec8390ff87c
https://github.com/ruby/rexml/commit/6cac15d45864c8d70904baa5cbfcc97181000960
https://github.com/ruby/rexml/commit/e2546e6ecade16b04c9ee528e5be8509fe16c2d6

(From OE-Core rev: 6b2a2e689a69deef6098f6c266542234e46fb24b)

Signed-off-by: Divya Chellam <divya.chellam@windriver.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Diffstat (limited to 'meta/recipes-devtools/python')
0 files changed, 0 insertions, 0 deletions