A security issue fixed upstream in ruby-bundler 2.2.33 has been announced: https://blog.sonarsource.com/securing-developer-tools-package-managers
Status comment: (none) => Fixed upstream in ruby-bundler 2.2.33
Fix pushed in mga8:
src:
  - ruby-2.7.5-33.3.mga8
Assignee: pterjan => qa-bugs
Status comment: Fixed upstream in ruby-bundler 2.2.33 => (none)
CC: (none) => mageia, pterjan
Nicolas applied a patch for CVE-2021-43809.

ruby-2.7.5-33.3.mga8
ruby-rdoc-6.2.1.1-33.3.mga8
libruby2.7-2.7.5-33.3.mga8
ruby-devel-2.7.5-33.3.mga8
ruby-bundler-2.2.24-33.3.mga8
ruby-RubyGems-3.1.2-33.3.mga8
ruby-openssl-2.1.3-33.3.mga8
ruby-test-unit-3.3.4-33.3.mga8
ruby-rake-13.0.1-33.3.mga8
ruby-irb-2.7.5-33.3.mga8
ruby-psych-3.1.0-33.3.mga8
ruby-bigdecimal-2.0.0-33.3.mga8
ruby-json-2.3.0-33.3.mga8
ruby-xmlrpc-0.3.0-33.3.mga8
ruby-net-telnet-0.2.0-33.3.mga8
ruby-io-console-0.5.6-33.3.mga8
ruby-power_assert-1.1.7-33.3.mga8
ruby-did_you_mean-1.4.0-33.3.mga8
ruby-doc-2.7.5-33.3.mga8

ruby-2.7.5-33.3.mga8.src.rpm
mageia8, x86_64

19 packages updated cleanly.
Put ruby through its paces as in previous tests.

$ ruby --version
ruby 2.7.5p203 (2021-11-24 revision f69aeb8314) [x86_64-linux]
$ irb
irb(main):001:0> Dir.entries( "." )
=> [".", "..", "rpcbomb.rb", "animate.rb", "#report.22844#", "circular.rb", [...]
irb(main):002:0> fruit = %( apples pears oranges lemons ).upcase
=> " APPLES PEARS ORANGES LEMONS "
irb(main):003:0> a = [7, 1, -11, 3]
=> [7, 1, -11, 3]
irb(main):004:0> b = [3.1]*5
=> [3.1, 3.1, 3.1, 3.1, 3.1]
irb(main):005:0> c = [a, b, Math.cos( 0.0 )]
=> [[7, 1, -11, 3], [3.1, 3.1, 3.1, 3.1, 3.1], 1.0]
irb(main):006:0> c.flatten.inject( :+ )
=> 16.5
irb(main):007:0> exit
$ ruby -e "puts (1..10).inject( &:+ )"
55
$ gem list

*** LOCAL GEMS ***

astro_moon (0.2)
benchmark (default: 0.1.0)
bigdecimal (2.0.0)
bundler (2.2.24)
cgi (default: 0.1.0.1)
concurrent-ruby (1.1.9, 1.1.7)
connection_pool (2.2.3)
csv (default: 3.1.2)
date (default: 3.0.3)
[...]

Most of my homespun utilities depend on ruby and ruby-tk. They all continue to work.
facter, puppet, and vagrant use ruby. puppet does not work currently.

$ facter
architecture => x86_64
blockdevice_sda_model => KINGSTON SV300S3
blockdevice_sda_size => 240057409536
blockdevice_sda_vendor => ATA
.......

That returns a long list of information about the system.

Installed vagrant. From the web:
"Vagrant is a simple virtual machine manager for your terminal. It allows you to easily pull a minimal and pre-built virtual machine from the Internet, run it locally, and SSH into it in just a few steps."
Tutorial at https://www.geeksforgeeks.org/what-is-vagrant/
Not getting into that but tried to launch it.

$ vagrant
.....
/usr/share/rubygems/rubygems/core_ext/kernel_require.rb:83:in `require': cannot load such file -- vagrant_cloud (LoadError)
$ sudo gem install vagrant_cloud
.....
4 gems installed

cli invocation failed again in the same way.
Green light for ruby anyway.
CC: (none) => tarazed25
Whiteboard: (none) => MGA8-64-OK
Validating.
CC: (none) => andrewsfarm, sysadmin-bugs
Keywords: (none) => validated_update
CC: (none) => davidwhodgins
Keywords: (none) => advisory
An update for this issue has been pushed to the Mageia Updates repository.
https://advisories.mageia.org/MGASA-2022-0102.html
Status: NEW => RESOLVED
Resolution: (none) => FIXED