poky/ruby at scarthgap-5.0.11 - poky

mirror of git://git.yoctoproject.org/poky.git synced 2025-08-22 00:42:05 +02:00

History

Divya Chellam 7ad1d26688 ruby: fix CVE-2025-27221 In the URI gem before 1.0.3 for Ruby, the URI handling methods (URI.join, URI#merge, URI#+) have an inadvertent leakage of authentication credentials because userinfo is retained even after changing the host. Reference: https://security-tracker.debian.org/tracker/CVE-2025-27221 Upstream-patches: `3675494839` `2789182478` (From OE-Core rev: 421d7011269f4750f5942b815d68f77fa4559d69) Signed-off-by: Divya Chellam <divya.chellam@windriver.com> Signed-off-by: Steve Sakoman <steve@sakoman.com>	2025-06-02 07:12:34 -07:00
..
ruby	ruby: fix CVE-2025-27221	2025-06-02 07:12:34 -07:00
ruby_3.3.5.bb	ruby: fix CVE-2025-27221	2025-06-02 07:12:34 -07:00

Divya Chellam 7ad1d26688 ruby: fix CVE-2025-27221

In the URI gem before 1.0.3 for Ruby, the URI handling methods
(URI.join, URI#merge, URI#+) have an inadvertent leakage of
authentication credentials because userinfo is retained even
after changing the host.

Reference:
https://security-tracker.debian.org/tracker/CVE-2025-27221

Upstream-patches:
3675494839
2789182478

(From OE-Core rev: 421d7011269f4750f5942b815d68f77fa4559d69)

Signed-off-by: Divya Chellam <divya.chellam@windriver.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>

2025-06-02 07:12:34 -07:00

ruby ruby: fix CVE-2025-27221 2025-06-02 07:12:34 -07:00

ruby_3.3.5.bb ruby: fix CVE-2025-27221 2025-06-02 07:12:34 -07:00