ruby: fix CVE-2025-27220 - linux/poky.git - Mirror of git.yoctoproject.org/poky

diff options

author	Divya Chellam <divya.chellam@windriver.com>	2025-03-27 10:57:44 +0000
committer	Steve Sakoman <steve@sakoman.com>	2025-04-01 09:08:42 -0700
commit	ba85fa8c930a5b134af153f0a86a80b48046c6c1 (patch)
tree	ba65003ab3d1686ecac9f0452a62b8de5c6ea0dc /scripts/lib/devtool/build_sdk.py
parent	f82d945d504b82f64c3a715a199e65858aa23479 (diff)
download	poky-ba85fa8c930a5b134af153f0a86a80b48046c6c1.tar.gz

ruby: fix CVE-2025-27220

In the CGI gem before 0.4.2 for Ruby, a Regular Expression Denial of Service (ReDoS) vulnerability exists in the Util#escapeElement method. Reference: https://security-tracker.debian.org/tracker/CVE-2025-27220 Upstream-patch: https://github.com/ruby/cgi/commit/cd1eb08076c8b8e310d4d553d427763f2577a1b6 (From OE-Core rev: 8c31f8e142894f103409ee10deccc22fdeea897c) Signed-off-by: Divya Chellam <divya.chellam@windriver.com> Signed-off-by: Steve Sakoman <steve@sakoman.com>

Diffstat (limited to 'scripts/lib/devtool/build_sdk.py')

0 files changed, 0 insertions, 0 deletions


context:
space:
mode: