nixpkgs/pkgs/development/interpreters/ruby/rubygems-src.nix at update/yarn - truh/nixpkgs - Forgejo: Beyond coding. We Forge.

truh/nixpkgs

Peter Hoeg e7345735d3 rubygems: 2.6.10 -> 2.6.13

Fixes a number of CVEs:

- a DNS request hijacking vulnerability. (CVE-2017-0902)
- an ANSI escape sequence vulnerability. (CVE-2017-0899)
- a DoS vulnerability in the query command. (CVE-2017-0900)
- a vulnerability in the gem installer that allowed a malicious gem to overwrite arbitrary files. (CVE-2017-0901)

(cherry picked from commit 9f51b3c105)

2017-09-08 16:23:09 +01:00

8 lines

211 B

Nix

Raw Permalink Blame History

 { fetchurl
 , version ? "2.6.13"
 , sha256 ? "1j98ww8cz9y4wwshg7p4i4acrmls3ywkyj1nlkh4k3bywwm50hfh"
 }:
 fetchurl {
   url = "http://production.cf.rubygems.org/rubygems/rubygems-${version}.tgz";
   sha256 = sha256;
 }