[OpenWrt-Devel] [CC 15.05] ruby: Security update (CVE-2015-7551)
jow at openwrt.org
jow at openwrt.org
Tue Jan 12 03:43:32 EST 2016
The ruby package has been rebuilt and was uploaded to the Chaos Calmer
15.05 repository due to a reported security issue.
VERSION
2.2.3-1 => 2.2.4-1
CHANGELOG
[Mon, 11 Jan 2016 15:31:27 +0100 375f617]
This release includes a security fix for Fiddle extension.
* CVE-2015-7551: Unsafe tainted string usage in Fiddle and DL
There are also some bugfixes.
In package, now LD_FLAGS is copied to DLD_FLAGS (used by ruby for
libraries). The missing values from LD_FLAGS cause build error when gcc
does not implicitly include staging/usr/lib.
CHANGES
lang/ruby/Makefile | 11 +++++++++--
1 file changed, 9 insertions(+), 2 deletions(-)
REFERENCES
* http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7551
* https://github.com/openwrt/packages/commit/375f6172457f21b39c553d2061bcf97fa6c3cec2
_______________________________________________
openwrt-devel mailing list
openwrt-devel at lists.openwrt.org
https://lists.openwrt.org/cgi-bin/mailman/listinfo/openwrt-devel
More information about the openwrt-devel
mailing list