rubygems: 2.6.10 -> 2.6.13
Fixes a number of CVEs:

- a DNS request hijacking vulnerability. (CVE-2017-0902)
- an ANSI escape sequence vulnerability. (CVE-2017-0899)
- a DoS vulnerability in the query command. (CVE-2017-0900)
- a vulnerability in the gem installer that allowed a malicious gem to overwrite arbitrary files. (CVE-2017-0901)

(cherry picked from commit 9f51b3c)
peterhoeg authored and Mic92 committed Sep 8, 2017
1 parent 36fd26a commit e734573
Showing 1 changed file with 2 additions and 2 deletions.
4 changes: 2 additions & 2 deletions pkgs/development/interpreters/ruby/rubygems-src.nix
@@ -1,6 +1,6 @@
{ fetchurl
, version ? "2.6.10"
, sha256 ? "364c0eee8e0c9e8ab4879c5035832e5a27f0c97292d2264af5ae0020585280f0"
, version ? "2.6.13"
, sha256 ? "1j98ww8cz9y4wwshg7p4i4acrmls3ywkyj1nlkh4k3bywwm50hfh"
}:
fetchurl {
url = "http://production.cf.rubygems.org/rubygems/rubygems-${version}.tgz";
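Review bot: the unchanged `url` context line still fetches the tarball over plain `http://`, so the pinned `sha256` is the only thing authenticating the download. That makes the new hash the security-relevant part of this bump. It also changes encoding, from the 64-character hex form to the base32 form, so it cannot be compared by eye with a hex checksum. Please confirm the new value was computed from the upstream 2.6.13 release tarball rather than copied from the first fetch, and consider switching the URL to https in a follow-up so transport and hash both protect the source.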