mirrors/poky
1
0
Fork 0
mirror of https://git.yoctoproject.org/poky synced 2026-05-10 05:49:28 +00:00
Code Issues Projects Releases Wiki Activity
Files
6ba8b8a487f61d511904dd7263a58a794d3d3bb5
poky/meta/recipes-devtools/ruby
T
History
Divya Chellam 7ad1d26688 ruby: fix CVE-2025-27221 
In the URI gem before 1.0.3 for Ruby, the URI handling methods
(URI.join, URI#merge, URI#+) have an inadvertent leakage of
authentication credentials because userinfo is retained even
after changing the host.

Reference:
https://security-tracker.debian.org/tracker/CVE-2025-27221

Upstream-patches:
https://github.com/ruby/uri/commit/3675494839112b64d5f082a9068237b277ed1495
https://github.com/ruby/uri/commit/2789182478f42ccbb62197f952eb730e4f02bfc5

(From OE-Core rev: 421d7011269f4750f5942b815d68f77fa4559d69)

Signed-off-by: Divya Chellam <divya.chellam@windriver.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
2025-06-02 07:12:34 -07:00
..
ruby
ruby: fix CVE-2025-27221
2025-06-02 07:12:34 -07:00
ruby_3.3.5.bb
ruby: fix CVE-2025-27221
2025-06-02 07:12:34 -07:00