ruby: update to 2.4.3
This fixes a segfault in arm64 multilib.
Drop CVE-2017-14064.patch
Additional CVE included are 2.4.3:
CVE-2017-17405: Command injection vulnerability in Net::FTP
Additional CVE included are 2.4.2:
CVE-2017-0898: Buffer underrun vulnerability in Kernel.sprintf
CVE-2017-10784: Escape sequence injection vulnerability in the Basic authentication of WEBrick
CVE-2017-14033: Buffer underrun vulnerability in OpenSSL ASN1 decode
CVE-2017-14064: Heap exposure in generating JSON
Ruby Gems:
DNS request hijacking vulnerability. (CVE-2017-0902)
ANSI escape sequence vulnerability. (CVE-2017-0899)
DoS vulnerability in the query command. (CVE-2017-0900)
vulnerability in the gem installer that allowed a malicious gem to overwrite arbitrary files. (CVE-2017-0901)
Signed-off-by: Armin Kuster <akuster808@gmail.com>
(cherry picked from commit
4ba60ef149da41b1adc48f7a6c0aa1a14905a4e3)
Signed-off-by: Armin Kuster <akuster808@gmail.com>
projects / thirdparty / openembedded / openembedded-core-contrib.git / commit
