ruby-core@ruby-lang.org archive (unofficial mirror)
 help / color / mirror / Atom feed
* [ruby-core:118796] [Ruby master Bug#20667] Backport ReXML CVE fixes
@ 2024-08-05  8:27 vo.x (Vit Ondruch) via ruby-core
  2024-08-17 12:42 ` [ruby-core:118868] [Ruby master Bug#20667] Backport REXML " nagachika (Tomoyuki Chikanaga) via ruby-core
                   ` (2 more replies)
  0 siblings, 3 replies; 4+ messages in thread
From: vo.x (Vit Ondruch) via ruby-core @ 2024-08-05  8:27 UTC (permalink / raw)
  To: ruby-core; +Cc: vo.x (Vit Ondruch)

Issue #20667 has been reported by vo.x (Vit Ondruch).

----------------------------------------
Bug #20667: Backport ReXML CVE fixes
https://bugs.ruby-lang.org/issues/20667

* Author: vo.x (Vit Ondruch)
* Status: Open
* ruby -v: ruby 3.3.4 (2024-07-09 revision be1089c8ec) [x86_64-linux]
* Backport: 3.1: UNKNOWN, 3.2: UNKNOWN, 3.3: UNKNOWN
----------------------------------------
It would be nice to have the recent ReXML CVE fixes backported everywhere.

BTW it is surprising that ReXML was recently bumped in 3.1 / 3.2 branches, but 3.3 brach stays with older ReXML 3.2.



-- 
https://bugs.ruby-lang.org/
 ______________________________________________
 ruby-core mailing list -- ruby-core@ml.ruby-lang.org
 To unsubscribe send an email to ruby-core-leave@ml.ruby-lang.org
 ruby-core info -- https://ml.ruby-lang.org/mailman3/lists/ruby-core.ml.ruby-lang.org/

^ permalink raw reply	[flat|nested] 4+ messages in thread

* [ruby-core:118868] [Ruby master Bug#20667] Backport REXML CVE fixes
  2024-08-05  8:27 [ruby-core:118796] [Ruby master Bug#20667] Backport ReXML CVE fixes vo.x (Vit Ondruch) via ruby-core
@ 2024-08-17 12:42 ` nagachika (Tomoyuki Chikanaga) via ruby-core
  2024-09-02  9:53 ` [ruby-core:119005] " k0kubun (Takashi Kokubun) via ruby-core
  2024-09-02  9:53 ` [ruby-core:119006] " k0kubun (Takashi Kokubun) via ruby-core
  2 siblings, 0 replies; 4+ messages in thread
From: nagachika (Tomoyuki Chikanaga) via ruby-core @ 2024-08-17 12:42 UTC (permalink / raw)
  To: ruby-core; +Cc: nagachika (Tomoyuki Chikanaga)

Issue #20667 has been updated by nagachika (Tomoyuki Chikanaga).

Backport changed from 3.1: REQUIRED, 3.2: REQUIRED, 3.3: REQUIRED to 3.1: REQUIRED, 3.2: DONE, 3.3: REQUIRED

ruby_3_2 commit:0f2f6b31aa6433fd800f0621b5bedbaf0da12a6f merged revision(s) commit:2a7da0b6e76929c684cd948630a897c1d5b16c26.

----------------------------------------
Bug #20667: Backport REXML CVE fixes
https://bugs.ruby-lang.org/issues/20667#change-109440

* Author: vo.x (Vit Ondruch)
* Status: Closed
* ruby -v: ruby 3.3.4 (2024-07-09 revision be1089c8ec) [x86_64-linux]
* Backport: 3.1: REQUIRED, 3.2: DONE, 3.3: REQUIRED
----------------------------------------
It would be nice to have the recent REXML CVE fixes backported everywhere.

BTW it is surprising that REXML was recently bumped in 3.1 / 3.2 branches, but 3.3 branch stays with older REXML 3.2.



-- 
https://bugs.ruby-lang.org/
 ______________________________________________
 ruby-core mailing list -- ruby-core@ml.ruby-lang.org
 To unsubscribe send an email to ruby-core-leave@ml.ruby-lang.org
 ruby-core info -- https://ml.ruby-lang.org/mailman3/lists/ruby-core.ml.ruby-lang.org/

^ permalink raw reply	[flat|nested] 4+ messages in thread

* [ruby-core:119005] [Ruby master Bug#20667] Backport REXML CVE fixes
  2024-08-05  8:27 [ruby-core:118796] [Ruby master Bug#20667] Backport ReXML CVE fixes vo.x (Vit Ondruch) via ruby-core
  2024-08-17 12:42 ` [ruby-core:118868] [Ruby master Bug#20667] Backport REXML " nagachika (Tomoyuki Chikanaga) via ruby-core
@ 2024-09-02  9:53 ` k0kubun (Takashi Kokubun) via ruby-core
  2024-09-02  9:53 ` [ruby-core:119006] " k0kubun (Takashi Kokubun) via ruby-core
  2 siblings, 0 replies; 4+ messages in thread
From: k0kubun (Takashi Kokubun) via ruby-core @ 2024-09-02  9:53 UTC (permalink / raw)
  To: ruby-core; +Cc: k0kubun (Takashi Kokubun)

Issue #20667 has been updated by k0kubun (Takashi Kokubun).

Backport changed from 3.1: REQUIRED, 3.2: DONE, 3.3: REQUIRED to 3.1: REQUIRED, 3.2: DONE, 3.3: DONE

ruby_3_3 commit:e0e23e7d5eb4da42c490b1d3408bd6e5047e8f83 merged revision(s) commit:29500e30346.

----------------------------------------
Bug #20667: Backport REXML CVE fixes
https://bugs.ruby-lang.org/issues/20667#change-109580

* Author: vo.x (Vit Ondruch)
* Status: Closed
* ruby -v: ruby 3.3.4 (2024-07-09 revision be1089c8ec) [x86_64-linux]
* Backport: 3.1: REQUIRED, 3.2: DONE, 3.3: DONE
----------------------------------------
It would be nice to have the recent REXML CVE fixes backported everywhere.

BTW it is surprising that REXML was recently bumped in 3.1 / 3.2 branches, but 3.3 branch stays with older REXML 3.2.



-- 
https://bugs.ruby-lang.org/
 ______________________________________________
 ruby-core mailing list -- ruby-core@ml.ruby-lang.org
 To unsubscribe send an email to ruby-core-leave@ml.ruby-lang.org
 ruby-core info -- https://ml.ruby-lang.org/mailman3/lists/ruby-core.ml.ruby-lang.org/

^ permalink raw reply	[flat|nested] 4+ messages in thread

* [ruby-core:119006] [Ruby master Bug#20667] Backport REXML CVE fixes
  2024-08-05  8:27 [ruby-core:118796] [Ruby master Bug#20667] Backport ReXML CVE fixes vo.x (Vit Ondruch) via ruby-core
  2024-08-17 12:42 ` [ruby-core:118868] [Ruby master Bug#20667] Backport REXML " nagachika (Tomoyuki Chikanaga) via ruby-core
  2024-09-02  9:53 ` [ruby-core:119005] " k0kubun (Takashi Kokubun) via ruby-core
@ 2024-09-02  9:53 ` k0kubun (Takashi Kokubun) via ruby-core
  2 siblings, 0 replies; 4+ messages in thread
From: k0kubun (Takashi Kokubun) via ruby-core @ 2024-09-02  9:53 UTC (permalink / raw)
  To: ruby-core; +Cc: k0kubun (Takashi Kokubun)

Issue #20667 has been updated by k0kubun (Takashi Kokubun).


Please consider filing a backport PR to stable branches next time.

----------------------------------------
Bug #20667: Backport REXML CVE fixes
https://bugs.ruby-lang.org/issues/20667#change-109581

* Author: vo.x (Vit Ondruch)
* Status: Closed
* ruby -v: ruby 3.3.4 (2024-07-09 revision be1089c8ec) [x86_64-linux]
* Backport: 3.1: REQUIRED, 3.2: DONE, 3.3: DONE
----------------------------------------
It would be nice to have the recent REXML CVE fixes backported everywhere.

BTW it is surprising that REXML was recently bumped in 3.1 / 3.2 branches, but 3.3 branch stays with older REXML 3.2.



-- 
https://bugs.ruby-lang.org/
 ______________________________________________
 ruby-core mailing list -- ruby-core@ml.ruby-lang.org
 To unsubscribe send an email to ruby-core-leave@ml.ruby-lang.org
 ruby-core info -- https://ml.ruby-lang.org/mailman3/lists/ruby-core.ml.ruby-lang.org/

^ permalink raw reply	[flat|nested] 4+ messages in thread

end of thread, other threads:[~2024-09-02  9:54 UTC | newest]

Thread overview: 4+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2024-08-05  8:27 [ruby-core:118796] [Ruby master Bug#20667] Backport ReXML CVE fixes vo.x (Vit Ondruch) via ruby-core
2024-08-17 12:42 ` [ruby-core:118868] [Ruby master Bug#20667] Backport REXML " nagachika (Tomoyuki Chikanaga) via ruby-core
2024-09-02  9:53 ` [ruby-core:119005] " k0kubun (Takashi Kokubun) via ruby-core
2024-09-02  9:53 ` [ruby-core:119006] " k0kubun (Takashi Kokubun) via ruby-core

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).