[OpenWrt-Devel] [CC 15.05] ruby: Security update (CVE-2015-7551)

jow at openwrt.org jow at openwrt.org
Tue Jan 12 03:43:32 EST 2016

The ruby package has been rebuilt and was uploaded to the Chaos Calmer
15.05 repository due to a reported security issue.


2.2.3-1 => 2.2.4-1


[Mon, 11 Jan 2016 15:31:27 +0100 375f617]

This release includes a security fix for Fiddle extension.

 * CVE-2015-7551: Unsafe tainted string usage in Fiddle and DL

There are also some bugfixes.

In package, now LD_FLAGS is copied to DLD_FLAGS (used by ruby for
libraries). The missing values from LD_FLAGS cause build error when gcc
does not implicitly include staging/usr/lib.


 lang/ruby/Makefile |   11 +++++++++--
 1 file changed, 9 insertions(+), 2 deletions(-)


 * http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7551
 * https://github.com/openwrt/packages/commit/375f6172457f21b39c553d2061bcf97fa6c3cec2
openwrt-devel mailing list
openwrt-devel at lists.openwrt.org

More information about the openwrt-devel mailing list