Uprev ruby and associated gems to subminor ver 36
All affected packages are moved forward to their -36 version. This solves: ruby: Unintentional directory traversal by poisoned NULL byte in Dir (CVE-2018-8780) rubygems: Improper verification of signatures in tarball allows to install mis-signed gem (CVE-2018-1000076) along with numerous other issues. See the announcement link: https://lists.centos.org/pipermail/centos-cr-announce/2019-August/006124.html for more details. Note that rubygem-json is moved back to version 1.7.7-36 as it should never have been moved to 2.0.2-2 in the first place. That appears to have occurred accidentally, taking the package from opstools instead of os when moving to CentOS 7.6. Change-Id: I732a0ddba6e2aa5ebda0e10f6e633f60c162890c Closes-Bug: 1849195 Closes-Bug: 1849203 Signed-off-by: Jim Somerville <Jim.Somerville@windriver.com>
This commit is contained in:
parent
aea2212721
commit
ea25ae6f26
|
@ -1606,18 +1606,18 @@ rpm-python-4.11.3-35.el7.x86_64.rpm
|
|||
rsync-3.1.2-4.el7.x86_64.rpm
|
||||
rtctl-1.13-2.el7.noarch.rpm
|
||||
rt-setup-1.59-5.el7.noarch.rpm
|
||||
ruby-2.0.0.648-34.el7_6.x86_64.rpm
|
||||
ruby-2.0.0.648-36.el7.x86_64.rpm
|
||||
ruby-augeas-0.5.0-1.el7.x86_64.rpm
|
||||
ruby-devel-2.0.0.648-34.el7_6.x86_64.rpm
|
||||
rubygem-bigdecimal-1.2.0-34.el7_6.x86_64.rpm
|
||||
rubygem-io-console-0.4.2-34.el7_6.x86_64.rpm
|
||||
rubygem-json-2.0.2-2.el7.x86_64.rpm
|
||||
rubygem-psych-2.0.0-34.el7_6.x86_64.rpm
|
||||
rubygem-rdoc-4.0.0-34.el7_6.noarch.rpm
|
||||
ruby-devel-2.0.0.648-36.el7.x86_64.rpm
|
||||
rubygem-bigdecimal-1.2.0-36.el7.x86_64.rpm
|
||||
rubygem-io-console-0.4.2-36.el7.x86_64.rpm
|
||||
rubygem-json-1.7.7-36.el7.x86_64.rpm
|
||||
rubygem-psych-2.0.0-36.el7.x86_64.rpm
|
||||
rubygem-rdoc-4.0.0-36.el7.noarch.rpm
|
||||
rubygem-rgen-0.6.6-2.el7.noarch.rpm
|
||||
rubygems-2.0.14.1-34.el7_6.noarch.rpm
|
||||
ruby-irb-2.0.0.648-34.el7_6.noarch.rpm
|
||||
ruby-libs-2.0.0.648-34.el7_6.x86_64.rpm
|
||||
rubygems-2.0.14.1-36.el7.noarch.rpm
|
||||
ruby-irb-2.0.0.648-36.el7.noarch.rpm
|
||||
ruby-libs-2.0.0.648-36.el7.x86_64.rpm
|
||||
ruby-shadow-1.4.1-23.el7.x86_64.rpm
|
||||
sanlock-3.6.0-1.el7.x86_64.rpm
|
||||
sanlock-devel-3.6.0-1.el7.x86_64.rpm
|
||||
|
|
Loading…
Reference in New Issue