Bug 1395796

Summary: Rebase to the latest Ruby 2.3 point release
Product: Red Hat Software Collections
Reporter: Vít Ondruch <vondruch>
Component: ruby
Assignee: Pavel Valena <pvalena>
Status: CLOSED CURRENTRELEASE
QA Contact: BaseOS QE - Apps <qe-baseos-apps>
Severity: unspecified
Docs Contact:
Priority: unspecified
Version: rh-ruby23
CC: bgollahe, dkochuka, hhorak, jorton, pvalena, qe-baseos-apps, skippy
Target Milestone: ---
Keywords: FutureFeature, Rebase
Target Release: 3.1
Hardware: Unspecified
OS: Unspecified
Whiteboard:
Fixed In Version:
Doc Type: Rebase: Bug Fixes and Enhancements
Doc Text:
Rebase package(s) to version: 2.3.6
Highlights, important fixes, or notable enhancements:
 - Upgrade to rubygems 2.5.2.2
 - Upgrade to molinillo 0.4.1
 - Upgrade to json 1.8.3.1
 - Upgrade to minitest 5.8.5
 - Upgrade to psych 2.1.0.1
Story Points: ---
Clone Of: 1280296
: 1549649
Environment:
Last Closed: 2019-06-19 11:02:04 UTC
Type: Bug
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---
Target Upstream Version:
Embargoed:
Bug Depends On:
Bug Blocks: 1549649

Description Vít Ondruch 2016-11-16 17:09:06 UTC
A new Ruby 2.3 release is available. We should consider a rebase.

https://www.ruby-lang.org/en/news/2016/11/15/ruby-2-3-2-released/

Comment 4 Pavel Valena 2017-09-15 16:28:35 UTC
Latest Ruby 2.3 release:
https://www.ruby-lang.org/en/news/2017/09/14/ruby-2-3-5-released/

Contains fixes for:
 - CVE-2017-0898: Buffer underrun vulnerability in Kernel.sprintf
 - CVE-2017-10784: Escape sequence injection vulnerability in the Basic authentication of WEBrick
 - CVE-2017-14033: Buffer underrun vulnerability in OpenSSL ASN1 decode
 - CVE-2017-14064: Heap exposure in generating JSON
 - Multiple vulnerabilities in RubyGems

Comment 5 Vít Ondruch 2017-12-15 09:02:38 UTC
Ruby 2.3.6 is available:

https://www.ruby-lang.org/en/news/2017/12/14/ruby-2-3-6-released/