oneclick / rubyinstaller2

MSYS2 based RubyInstaller for Windows
https://rubyinstaller.org
BSD 3-Clause "New" or "Revised" License

CVE-2022-28739: Buffer overrun in String-to-Float conversion #273

Closed shpatel2 closed 2 years ago

shpatel2 commented 2 years ago

What problems are you experiencing?

Ruby version 2.7.6 has been released, which fixes CVE-2022-28739: Buffer overrun in String-to-Float conversion; however, RubyInstaller hasn't been updated.

Please see: https://www.ruby-lang.org/en/news/2022/04/12/buffer-overrun-in-string-to-float-cve-2022-28739/

Steps to reproduce

N/A

What's the output from ridk version?

N/A

larskanis commented 2 years ago

Sorry for the delay! This Ruby release series reached me at the worst point in time - just when I had started my vacation with no suitable internet connection. And https://github.com/oneclick/rubyinstaller2/issues/274 blocked a quick release. I'll make the releases today.

shyamrox commented 2 years ago

@larskanis Thank you!

larskanis commented 2 years ago

New releases are public: https://rubyinstaller.org/2022/04/20/rubyinstaller-3.1.2-1-3.0.4-1-2.7.6-1-and-2.6.10-1-released.html
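An added example, not part of this issue thread or of the RubyInstaller project: a small Ruby check that reports whether a given Ruby version contains the fix for CVE-2022-28739, using the patched release numbers from the announcement linked above (2.6.10, 2.7.6, 3.0.4, 3.1.2). Treating any series from 3.2 onward as patched is an assumption made here (those series were released after the fix); series older than 2.6 are reported as unknown rather than guessed.

```ruby
# Added example (not from the issue thread or the RubyInstaller project):
# report whether a Ruby version includes the fix for CVE-2022-28739.
require "rubygems" # provides Gem::Version for semantic comparison

# Earliest release of each maintained series that contains the fix,
# keyed by "major.minor". Numbers taken from the release announcement
# linked in the thread.
FIXED_VERSIONS = {
  "2.6" => Gem::Version.new("2.6.10"),
  "2.7" => Gem::Version.new("2.7.6"),
  "3.0" => Gem::Version.new("3.0.4"),
  "3.1" => Gem::Version.new("3.1.2"),
}.freeze

# Returns :patched, :vulnerable or :unknown for a version string such as "2.7.5".
# Assumption (not from the page): series 3.2 and newer were released after the
# fix and are treated as patched. Older, end-of-life series are :unknown.
def cve_2022_28739_status(version_string)
  version = Gem::Version.new(version_string)
  major, minor = version.segments
  series = "#{major}.#{minor}"

  if (fixed = FIXED_VERSIONS[series])
    version >= fixed ? :patched : :vulnerable
  elsif version >= Gem::Version.new("3.2")
    :patched
  else
    :unknown
  end
end

# Stand-alone use: check the interpreter this script runs under.
if $PROGRAM_NAME == __FILE__
  puts "Ruby #{RUBY_VERSION}: #{cve_2022_28739_status(RUBY_VERSION)}"
end
```

Run it with `ruby check_cve_2022_28739.rb` under the RubyInstaller interpreter in question; `ridk version` (mentioned in the issue template) shows the same Ruby version the script reads from `RUBY_VERSION`. Comparing with `Gem::Version` rather than string comparison avoids the classic mistake where "2.7.10" sorts below "2.7.6".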