bug#62557: closed ([PATCH] gnu: ruby-2.7-fixed: Upgrade to 2.7.8 [fixes CVE-2023-{28755, 28756}])

[GNU bug Tracking System]

Your message dated Tue, 23 May 2023 17:08:51 +0200
with message-id <ZGzXA4pfGNb73mQZ@jurong>
and subject line Re: [PATCH] gnu: ruby-2.7-fixed: Upgrade to 2.7.8 [fixes 
CVE-2023-{28755,28756}]
has caused the debbugs.gnu.org bug report #62557,
regarding [PATCH] gnu: ruby-2.7-fixed: Upgrade to 2.7.8 [fixes CVE-2023-{28755, 
28756}]
to be marked as done.

(If you believe you have received this mail in error, please contact
help-debbugs@gnu.org.)


-- 
62557: https://debbugs.gnu.org/cgi/bugreport.cgi?bug=62557
GNU Bug Tracking System
Contact help-debbugs@gnu.org with problems
> --- Begin Message ---
>
>
>
> Subject: 
>
> [PATCH] gnu: ruby-2.7-fixed: Upgrade to 2.7.8 [fixes CVE-2023-{28755, 28756}]
>
>
>
>
> Date: 
>
> Fri, 31 Mar 2023 07:24:23 +0200
>
>
>
>
> Fixes: CVE-2023-28755 (ReDoS vulnerability in URI), and
> CVE-2023-28756 (ReDoS vulnerability in Time).
>
> * gnu/packages/ruby.scm (ruby-2.7-fixed): Update to 2.7.8.
> ---
>  gnu/packages/ruby.scm | 6 +++---
>  1 file changed, 3 insertions(+), 3 deletions(-)
>
> diff --git a/gnu/packages/ruby.scm b/gnu/packages/ruby.scm
> index 3bf0f0f534..df01005846 100644
> --- a/gnu/packages/ruby.scm
> +++ b/gnu/packages/ruby.scm
> @@ -29,7 +29,7 @@
>  ;;; Copyright © 2020 Tomás Ortín Fernández <tomasortin@mailbox.org>
>  ;;; Copyright © 2021 Giovanni Biscuolo <g@xelera.eu>
>  ;;; Copyright © 2022 Philip McGrath <philip@philipmcgrath.com>
> -;;; Copyright © 2022 Remco van 't Veer <remco@remworks.net>
> +;;; Copyright © 2022, 2023 Remco van 't Veer <remco@remworks.net>
>  ;;; Copyright © 2022 Taiju HIGASHI <higashi@taiju.info>
>  ;;; Copyright © 2023 Yovan Naumovski <yovan@gorski.stream>
>  ;;;
> @@ -201,7 +201,7 @@ (define-public ruby-2.7
>  (define ruby-2.7-fixed
>    (package
>      (inherit ruby-2.7)
> -    (version "2.7.7")
> +    (version "2.7.8")
>      (source
>       (origin
>         (inherit (package-source ruby-2.7))
> @@ -210,7 +210,7 @@ (define ruby-2.7-fixed
>                             "/ruby-" version ".tar.gz"))
>         (sha256
>          (base32
> -         "143vih5jzmrd2r5h94pa3qzml0ldii0qzs6g09jg6zqxd7djf0g1"))))))
> +         "182vni66djmiqagwzfsd0za7x9k3zag43b88c590aalgphybdnn2"))))))
>  
>  (define-public ruby-3.0
>    (package
> -- 
> 2.39.2
>
>
>
>
> --- End Message ---
> --- Begin Message ---
>
>
>
> Subject: 
>
> Re: [PATCH] gnu: ruby-2.7-fixed: Upgrade to 2.7.8 [fixes CVE-2023-{28755,28756}]
>
>
>
>
> Date: 
>
> Tue, 23 May 2023 17:08:51 +0200
>
>
>
>
> Am Fri, May 19, 2023 at 01:09:17PM +0200 schrieb Remco van 't Veer:
> > Fixes: CVE-2023-28755 (ReDoS vulnerability in URI), and
> > CVE-2023-28756 (ReDoS vulnerability in Time).
> > * gnu/packages/ruby.scm (ruby-2.7-fixed): Update to 2.7.8.
> > (ruby-2.7)[replacement]: Graft.
>
> Sorry for the delay, I needed to read up on grafts first. Everything looks
> good, a dependent package builds, so I have pushed this and am closing
> the bug.
>
> Thanks!
>
> Andreas
>
>
>
> --- End Message ---