Created attachment 223837 [details] Patch file Update to 2.6.7, which includes fix of CVE-2021-28965. Release Note: https://www.ruby-lang.org/en/news/2021/04/05/ruby-2-6-7-released/ Bug #254793 describes vulnerability fixed with this release. So please commit it together.
A commit in branch main references this bug: URL: https://cgit.FreeBSD.org/ports/commit/?id=421b0b3639c3168a9b9f283cf96874b87a1bfc73 commit 421b0b3639c3168a9b9f283cf96874b87a1bfc73 Author: Koichiro Iwao <meta@FreeBSD.org> AuthorDate: 2021-04-06 12:53:56 +0000 Commit: Koichiro Iwao <meta@FreeBSD.org> CommitDate: 2021-04-06 13:21:42 +0000 lang/ruby26: Update to 2.6.7 PR: 254800 Reported by: Yasuhiro Kimura <yasu@utahime.org> Reviewed by: meta (myself) Relnotes: https://www.ruby-lang.org/en/news/2021/04/05/ruby-2-6-7-released/ Security: CVE-2020-25613 Security: CVE-2021-28965 Mk/bsd.ruby.mk | 4 +-- lang/ruby26/distinfo | 6 ++-- lang/ruby26/pkg-plist | 98 +++++++++++++++++++++++++++------------------------ 3 files changed, 56 insertions(+), 52 deletions(-)
Committed, thanks!