There were security patches released last week for all versions of Ruby
in the ports tree. Today they released new versions of Ruby 2.5 and
2.6. So we'll use the new versions of Ruby 2.5 and 2.6, and for Ruby
2.4, we'll use an upstream patch taken from the bugtracker.
Vulnerability Announcement:
This updates to the latest version of ruby 2.3, 2.4, and 2.5. Upstream
released new versions yesterday containing patches for the following
CVEs:
2017-17742:
https://www.ruby-lang.org/en/news/2018/03/28/http-response-splitting-in-webrick-cve-2017-17742/
2018-6914:
https://www.ruby-lang.org/en/n
This updates lang/ruby/2.{1,2,3,4} and devel/ruby-gems in 6.2-stable
to fix the recent rubygems security issues. See:
https://www.ruby-lang.org/en/news/2018/02/17/multiple-vulnerabilities-in-rubygems/
https://blog.rubygems.org/2018/02/15/2.7.6-released.html
For ruby 2.2, 2.3, and 2.4, this just
