nixpkgs/pkgs/development/interpreters/ruby/rubygems-src.nix
Peter Hoeg 9f51b3c105 rubygems: 2.6.10 -> 2.6.13
Fixes a number of CVEs:

- a DNS request hijacking vulnerability. (CVE-2017-0902)
- an ANSI escape sequence vulnerability. (CVE-2017-0899)
- a DoS vulnerability in the query command. (CVE-2017-0900)
- a vulnerability in the gem installer that allowed a malicious gem to overwrite arbitrary files. (CVE-2017-0901)
2017-09-08 12:07:55 +08:00

8 lines
211 B
Nix

{ fetchurl
, version ? "2.6.13"
, sha256 ? "1j98ww8cz9y4wwshg7p4i4acrmls3ywkyj1nlkh4k3bywwm50hfh"
}:
fetchurl {
url = "http://production.cf.rubygems.org/rubygems/rubygems-${version}.tgz";
sha256 = sha256;
}