ruby: fix CVE-2025-27221 - linux/poky.git - Mirror of git.yoctoproject.org/poky

diff options

author	Divya Chellam <divya.chellam@windriver.com>	2025-05-23 18:55:42 +0530
committer	Steve Sakoman <steve@sakoman.com>	2025-06-02 07:12:34 -0700
commit	7ad1d266889568491e25d7a26f3785de38db1982 (patch)
tree	d736b5ecf7c5830cf5022846e1e5bc1a469f6300 /scripts/lib/devtool/build_image.py
parent	186e2b2b0540a091cdc3b0646eedafa8646c575a (diff)
download	poky-7ad1d266889568491e25d7a26f3785de38db1982.tar.gz

ruby: fix CVE-2025-27221

In the URI gem before 1.0.3 for Ruby, the URI handling methods (URI.join, URI#merge, URI#+) have an inadvertent leakage of authentication credentials because userinfo is retained even after changing the host. Reference: https://security-tracker.debian.org/tracker/CVE-2025-27221 Upstream-patches: https://github.com/ruby/uri/commit/3675494839112b64d5f082a9068237b277ed1495 https://github.com/ruby/uri/commit/2789182478f42ccbb62197f952eb730e4f02bfc5 (From OE-Core rev: 421d7011269f4750f5942b815d68f77fa4559d69) Signed-off-by: Divya Chellam <divya.chellam@windriver.com> Signed-off-by: Steve Sakoman <steve@sakoman.com>

Diffstat (limited to 'scripts/lib/devtool/build_image.py')

0 files changed, 0 insertions, 0 deletions


context:
space:
mode: