poky/ruby at yocto-4.0.28 - poky

mirror of git://git.yoctoproject.org/poky.git synced 2025-08-22 00:42:05 +02:00

History

Divya Chellam 32d2b233c6 ruby: fix CVE-2025-27221 In the URI gem before 1.0.3 for Ruby, the URI handling methods (URI.join, URI#merge, URI#+) have an inadvertent leakage of authentication credentials because userinfo is retained even after changing the host. Reference: https://security-tracker.debian.org/tracker/CVE-2025-27221 Upstream-patches: `3675494839` `2789182478` (From OE-Core rev: c77ff1288719d90ef257dfe28cb33b3768fc124a) Signed-off-by: Divya Chellam <divya.chellam@windriver.com> Signed-off-by: Steve Sakoman <steve@sakoman.com>	2025-05-28 08:46:32 -07:00
..
ruby	ruby: fix CVE-2025-27221	2025-05-28 08:46:32 -07:00
ruby_3.1.3.bb	ruby: fix CVE-2025-27221	2025-05-28 08:46:32 -07:00

Divya Chellam 32d2b233c6 ruby: fix CVE-2025-27221

In the URI gem before 1.0.3 for Ruby, the URI handling methods
(URI.join, URI#merge, URI#+) have an inadvertent leakage of
authentication credentials because userinfo is retained even
after changing the host.

Reference:
https://security-tracker.debian.org/tracker/CVE-2025-27221

Upstream-patches:
3675494839
2789182478

(From OE-Core rev: c77ff1288719d90ef257dfe28cb33b3768fc124a)

Signed-off-by: Divya Chellam <divya.chellam@windriver.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>

2025-05-28 08:46:32 -07:00

ruby ruby: fix CVE-2025-27221 2025-05-28 08:46:32 -07:00

ruby_3.1.3.bb ruby: fix CVE-2025-27221 2025-05-28 08:46:32 -07:00