author: Tim Smith <tsmith@chef.io> 2019-03-06 12:08:29 -0800
committer: Tim Smith <tsmith@chef.io> 2019-03-06 12:08:29 -0800
commit: 7894cdddfbb2306ef7c477be14d62ae06b8b4bcd (patch)
tree: eaa6bcae75466745c7378dbfd673d28c8ad4998a
parent: 2399a3cfc6e2cbac17eee62005fb104acf937875 (diff)
download: chef-7894cdddfbb2306ef7c477be14d62ae06b8b4bcd.tar.gz

Bump Rubygems to 2.7.9 and add that to the release notes

Use the latest / greatest

Signed-off-by: Tim Smith <tsmith@chef.io>

-rw-r--r--  RELEASE_NOTES.md      13
-rw-r--r--  omnibus_overrides.rb   2
2 files changed, 12 insertions, 3 deletions
diff --git a/RELEASE_NOTES.md b/RELEASE_NOTES.md
index 10cc803308..2695b8264c 100644
--- a/RELEASE_NOTES.md
+++ b/RELEASE_NOTES.md
@@ -35,7 +35,6 @@ InSpec has been updated from 3.4.1 to 3.7.1. This new release contains improveme
## Updated Components
- bundler 1.16.1 -> 1.17.3
-- rubygems 2.7.6 -> 2.7.8
- libxml2 2.9.7 -> 2.9.9
- ca-certs updated to 2019-01-22 for new roots
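Review bot: Dropping the `- rubygems 2.7.6 -> 2.7.8` line from "Updated Components" leaves the component list with no record of the RubyGems bump at all, since the replacement section added further down only states the new version (2.7.9) and not the version being upgraded from. A reader scanning the component list for what changed will miss it. Suggest keeping the entry and correcting it rather than deleting it, e.g. `- rubygems 2.7.6 -> 2.7.9`, so the list stays complete and the dedicated RubyGems section below carries the CVE detail.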
@@ -43,7 +42,17 @@ InSpec has been updated from 3.4.1 to 3.7.1. This new release contains improveme
### OpenSSL
-OpenSSL has been updated to 1.0.2r in order to resolve ([CVE-2019-1559](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1559))
+OpenSSL has been updated to 1.0.2r in order to resolve [CVE-2019-1559](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1559)
+
+### RubyGems
+
+RubyGems has been updated to 2.7.9 in order to resolve the following CVEs:
+ - [CVE-2019-8320](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-8320): Delete directory using symlink when decompressing tar
+ - [CVE-2019-8321](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-8321): Escape sequence injection vulnerability in verbose
+ - [CVE-2019-8322](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-8322): Escape sequence injection vulnerability in gem owner
+ - [CVE-2019-8323](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-8323): Escape sequence injection vulnerability in API response handling
+ - [CVE-2019-8324](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-8324): Installing a malicious gem may lead to arbitrary code execution
+ - [CVE-2019-8325](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-8325): Escape sequence injection vulnerability in errors
# Chef Client Release Notes 14.10:
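Review bot: The new CVE bullets are indented with a leading space (` - [CVE-2019-8320]...`) while every other list in this file, including the "Updated Components" list in the hunk above, starts `- ` at column zero; Markdown renders both, but the inconsistency will show up in the rendered notes as a differently styled list. Also, the added block ends directly against the `# Chef Client Release Notes 14.10:` heading with no blank line, unlike the blank line placed before `### RubyGems`; add one after the last bullet for consistency. Minor: the CVE-2019-8324 description ("Installing a malicious gem may lead to arbitrary code execution") is the one entry here that affects end users most directly, so it is worth listing first rather than fifth.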
diff --git a/omnibus_overrides.rb b/omnibus_overrides.rb
index ffd6875d2a..1b789bc926 100644
--- a/omnibus_overrides.rb
+++ b/omnibus_overrides.rb
@@ -4,7 +4,7 @@
#
# NOTE: You MUST update omnibus-software when adding new versions of
# software here: bundle exec rake dependencies:update_omnibus_gemfile_lock
-override :rubygems, version: "2.7.8"
+override :rubygems, version: "2.7.9"
override :bundler, version: "1.17.3"
override "nokogiri", version: "1.10.1"
override "libffi", version: "3.2.1"
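Review bot: The comment immediately above this change says "You MUST update omnibus-software when adding new versions of software here" and names the command to run, but the diffstat shows only `RELEASE_NOTES.md` and `omnibus_overrides.rb` changing, so no corresponding Gemfile.lock or omnibus-software update is in this commit. Either that update was done in a separate commit (in which case referencing it in the commit message would help reviewers confirm the build picks up 2.7.9) or it still needs to be run before this version bump takes effect.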