git.ipfire.org Git - thirdparty/openembedded/openembedded-core.git/commit

author	Divya Chellam <divya.chellam@windriver.com>
	Thu, 20 Nov 2025 09:37:22 +0000 (15:07 +0530)
committer	Steve Sakoman <steve@sakoman.com>
	Thu, 20 Nov 2025 15:28:22 +0000 (07:28 -0800)
commit	6b2a2e689a69deef6098f6c266542234e46fb24b
tree	ec4e9f626168de6fd01aac5303f8dbab82314efb	tree \| snapshot
parent	6e0b70843422cd7cdb25a9e1520dd64bf701fea6	commit \| diff

ruby: fix CVE-2024-41123

REXML is an XML toolkit for Ruby. The REXML gem before 3.3.2 has some DoS
vulnerabilities when it parses an XML that has many specific characters
such as whitespace character, `>]` and `]>`. The REXML gem 3.3.3 or later
include the patches to fix these vulnerabilities.

Reference:
https://nvd.nist.gov/vuln/detail/CVE-2024-41123

Upstream-patches:
https://github.com/ruby/rexml/commit/2c39c91a65d69357cfbc35dd8079b3606d86bb70
https://github.com/ruby/rexml/commit/4444a04ece4c02a7bd51e8c75623f22dc12d882b
https://github.com/ruby/rexml/commit/ebc3e85bfa2796fb4922c1932760bec8390ff87c
https://github.com/ruby/rexml/commit/6cac15d45864c8d70904baa5cbfcc97181000960
https://github.com/ruby/rexml/commit/e2546e6ecade16b04c9ee528e5be8509fe16c2d6

Signed-off-by: Divya Chellam <divya.chellam@windriver.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>

meta/recipes-devtools/ruby/ruby/CVE-2024-41123-0001.patch	[new file with mode: 0644]	blob
meta/recipes-devtools/ruby/ruby/CVE-2024-41123-0002.patch	[new file with mode: 0644]	blob
meta/recipes-devtools/ruby/ruby/CVE-2024-41123-0003.patch	[new file with mode: 0644]	blob
meta/recipes-devtools/ruby/ruby/CVE-2024-41123-0004.patch	[new file with mode: 0644]	blob
meta/recipes-devtools/ruby/ruby/CVE-2024-41123-0005.patch	[new file with mode: 0644]	blob
meta/recipes-devtools/ruby/ruby_3.1.3.bb		diff \| blob \| blame \| history