ruby: fix CVE-2024-27280 - linux/poky.git - Mirror of git.yoctoproject.org/poky

diff options

author	Yogita Urade <yogita.urade@windriver.com>	2024-06-21 12:25:27 +0000
committer	Steve Sakoman <steve@sakoman.com>	2024-06-26 05:04:39 -0700
commit	52f1435174e2b2c35e9ffe02fe7fbb65c7ff7e60 (patch)
tree	e15d4ed3973cb2631fa7222c274dfdf141a46916 /scripts/lib/devtool/deploy.py
parent	064e000b18e10c14c4d2e602d498ec119e62f921 (diff)
download	poky-52f1435174e2b2c35e9ffe02fe7fbb65c7ff7e60.tar.gz

ruby: fix CVE-2024-27280

A buffer-overread issue was discovered in StringIO 3.0.1, as distributed in Ruby 3.0.x through 3.0.6 and 3.1.x through 3.1.4. The ungetbyte and ungetc methods on a StringIO can read past the end of a string, and a subsequent call to StringIO.gets may return the memory value. 3.0.3 is the main fixed version; however, for Ruby 3.0 users, a fixed version is stringio 3.0.1.1, and for Ruby 3.1 users, a fixed version is stringio 3.0.1.2. Reference: https://nvd.nist.gov/vuln/detail/CVE-2024-27280 (From OE-Core rev: 729310d17310dff955c51811ff3339fdbc017b95) Signed-off-by: Yogita Urade <yogita.urade@windriver.com> Signed-off-by: Steve Sakoman <steve@sakoman.com>

Diffstat (limited to 'scripts/lib/devtool/deploy.py')

0 files changed, 0 insertions, 0 deletions


context:
space:
mode: