From ea25ae6f265f6a9531dd72a8576462a71c3074dc Mon Sep 17 00:00:00 2001
From: Jim Somerville
Date: Fri, 22 Nov 2019 16:35:45 -0500
Subject: [PATCH] Uprev ruby and associated gems to subminor ver 36

All affected packages are moved forward to their -36 version.
This solves:

ruby: Unintentional directory traversal by poisoned NULL byte in Dir (CVE-2018-8780)
rubygems: Improper verification of signatures in tarball allows to install mis-signed gem (CVE-2018-1000076)

along with numerous other issues. See the announcement link:
https://lists.centos.org/pipermail/centos-cr-announce/2019-August/006124.html
for more details.

Note that rubygem-json is moved back to version 1.7.7-36 as it should never have been moved to 2.0.2-2 in the first place. That appears to have occurred accidentally, taking the package from opstools instead of os when moving to CentOS 7.6.

Change-Id: I732a0ddba6e2aa5ebda0e10f6e633f60c162890c
Closes-Bug: 1849195
Closes-Bug: 1849203
Signed-off-by: Jim Somerville
---
 centos-mirror-tools/rpms_centos.lst | 20 ++++++++++----------
 1 file changed, 10 insertions(+), 10 deletions(-)

diff --git a/centos-mirror-tools/rpms_centos.lst b/centos-mirror-tools/rpms_centos.lst
index 898618c4..1f4ad9a8 100644
--- a/centos-mirror-tools/rpms_centos.lst
+++ b/centos-mirror-tools/rpms_centos.lst
@@ -1606,18 +1606,18 @@ rpm-python-4.11.3-35.el7.x86_64.rpm rsync-3.1.2-4.el7.x86_64.rpm rtctl-1.13-2.el7.noarch.rpm rt-setup-1.59-5.el7.noarch.rpm -ruby-2.0.0.648-34.el7_6.x86_64.rpm +ruby-2.0.0.648-36.el7.x86_64.rpm ruby-augeas-0.5.0-1.el7.x86_64.rpm -ruby-devel-2.0.0.648-34.el7_6.x86_64.rpm -rubygem-bigdecimal-1.2.0-34.el7_6.x86_64.rpm -rubygem-io-console-0.4.2-34.el7_6.x86_64.rpm -rubygem-json-2.0.2-2.el7.x86_64.rpm -rubygem-psych-2.0.0-34.el7_6.x86_64.rpm -rubygem-rdoc-4.0.0-34.el7_6.noarch.rpm +ruby-devel-2.0.0.648-36.el7.x86_64.rpm +rubygem-bigdecimal-1.2.0-36.el7.x86_64.rpm +rubygem-io-console-0.4.2-36.el7.x86_64.rpm +rubygem-json-1.7.7-36.el7.x86_64.rpm +rubygem-psych-2.0.0-36.el7.x86_64.rpm +rubygem-rdoc-4.0.0-36.el7.noarch.rpm rubygem-rgen-0.6.6-2.el7.noarch.rpm -rubygems-2.0.14.1-34.el7_6.noarch.rpm -ruby-irb-2.0.0.648-34.el7_6.noarch.rpm -ruby-libs-2.0.0.648-34.el7_6.x86_64.rpm +rubygems-2.0.14.1-36.el7.noarch.rpm +ruby-irb-2.0.0.648-36.el7.noarch.rpm +ruby-libs-2.0.0.648-36.el7.x86_64.rpm ruby-shadow-1.4.1-23.el7.x86_64.rpm sanlock-3.6.0-1.el7.x86_64.rpm sanlock-devel-3.6.0-1.el7.x86_64.rpm
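Review bot: the line `-rubygem-json-2.0.2-2.el7.x86_64.rpm` / `+rubygem-json-1.7.7-36.el7.x86_64.rpm` is a major-version step backward (2.0.2 to 1.7.7) in the middle of what is otherwise an uprev, so please confirm two things before merging: that the mirror download tooling accepts a lower EVR for an already-listed package rather than treating it as a downgrade to skip, and that nothing built from this list depends on the json 2.x gem API that disappears with the older package. Also note that every other changed line moves from the `-34.el7_6` release to `-36.el7`, and the announcement cited in the commit message is on centos-cr-announce; the mirror configuration must therefore point at a repository that actually carries the -36 builds (CR, or base/updates once they land there), otherwise the new names will simply fail to download. ruby-augeas, ruby-shadow and rubygem-rgen are correctly left at their existing releases since they are built from separate source packages, but a one-line remark in the commit message saying so would save the next reader from wondering whether they were missed.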