CVS commit: pkgsrc/misc/rubygems

To: pkgsrc-changes%NetBSD.org@localhost
Subject: CVS commit: pkgsrc/misc/rubygems
From: "Takahiro Kambe" <taca%netbsd.org@localhost>
Date: Mon, 30 Sep 2013 03:12:59 +0000

Module Name:    pkgsrc
Committed By:   taca
Date:           Mon Sep 30 03:12:59 UTC 2013

Modified Files:
        pkgsrc/misc/rubygems: Makefile distinfo

Log Message:
Update rubygems package to 2.0.10.  This is security fix for CVE-2013-4363.

=== 2.0.10 / 2013-09-24

Security fixes:

* RubyGems 2.1.4 and earlier are vulnerable to excessive CPU usage due to a
  backtracking in Gem::Version validation.  See CVE-2013-4363 for full details
  including vulnerable APIs.  Fixed versions include 2.1.5, 2.0.10, 1.8.27 and
  1.8.23.2 (for Ruby 1.9.3).

=== 2.0.9 / 2013-09-13

Bug fixes:

* Gem fetch now fetches the newest (not oldest) gem when --version is given.
  Issue #643 by Brian Shirai.
* Fixed credential creation for `gem push` when `--host` is not given.  Pull
  request #622 by Arthur Nogueira Neves


To generate a diff of this commit:
cvs rdiff -u -r1.54 -r1.55 pkgsrc/misc/rubygems/Makefile
cvs rdiff -u -r1.43 -r1.44 pkgsrc/misc/rubygems/distinfo

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Prev by Date: CVS commit: pkgsrc/www/shibboleth-sp
Next by Date: CVS commit: pkgsrc/lang/ruby193-base
Previous by Thread: CVS commit: pkgsrc/www/shibboleth-sp
Next by Thread: CVS commit: pkgsrc/lang/ruby193-base
Indexes:

Home | Main Index | Thread Index | Old Index