Message ID | 39064d434f98649262c1cd29c5f712a538c56a04.1684494551.git.remco@remworks.net |
---|---|
State | New |
Series | [bug#62557] gnu: ruby-2.7-fixed: Upgrade to 2.7.8 [fixes CVE-2023-{28755, 28756}] |

On Fri, May 19, 2023 at 01:09:17PM +0200, Remco van 't Veer wrote:
> Fixes: CVE-2023-28755 (ReDoS vulnerability in URI), and
> CVE-2023-28756 (ReDoS vulnerability in Time).
> * gnu/packages/ruby.scm (ruby-2.7-fixed): Update to 2.7.8.
> (ruby-2.7)[replacement]: Graft.

Sorry for the delay, I needed to read up on grafts first.
Everything looks good, a dependent package builds, so I have pushed this
and am closing the bug.

Thanks!

Andreas

diff --git a/gnu/packages/ruby.scm b/gnu/packages/ruby.scm index dbd4127343..eb84367d15 100644 --- a/gnu/packages/ruby.scm +++ b/gnu/packages/ruby.scm @@ -163,6 +163,7 @@ (define-public ruby-2.7 (package (inherit ruby-2.6) (version "2.7.6") + (replacement ruby-2.7-fixed) ; security fixes (source (origin (inherit (package-source ruby-2.6)) @@ -200,7 +201,7 @@ (define-public ruby-2.7 (define ruby-2.7-fixed (package (inherit ruby-2.7) - (version "2.7.7") + (version "2.7.8") (source (origin (inherit (package-source ruby-2.7)) @@ -209,7 +210,7 @@ (define ruby-2.7-fixed "/ruby-" version ".tar.gz")) (sha256 (base32 - "143vih5jzmrd2r5h94pa3qzml0ldii0qzs6g09jg6zqxd7djf0g1")))))) + "182vni66djmiqagwzfsd0za7x9k3zag43b88c590aalgphybdnn2")))))) (define-public ruby-3.0 (package
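
Review bot: In the first hunk (ruby-2.7, around line 163), the trailing comment on the new `(replacement ruby-2.7-fixed) ; security fixes` line does not say which fixes the graft carries. Naming CVE-2023-28755 and CVE-2023-28756 there, as the commit message does, would let whoever next updates ruby-2.7 see at a glance when the replacement can be dropped. Since this graft pairs version "2.7.6" with a replacement at "2.7.8" and grafting does not rebuild dependents, it is also worth recording in the thread that a dependent was run against the grafted ruby, not only built.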
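
Review bot: In the last hunk (ruby-2.7-fixed source, around line 209), the new base32 value on the `+` line cannot be checked from the diff alone. Before merging, recompute it from the upstream 2.7.8 tarball named by the `"/ruby-" version ".tar.gz"` URI (for example with guix download) and confirm it matches, ideally also comparing the tarball against the checksum published with the upstream release announcement.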