author | hsbt <hsbt@b2dd03c8-39d4-4d8f-98ff-823fe69b080e> | 2017-10-10 08:58:22 +0000 |
---|---|---|
committer | hsbt <hsbt@b2dd03c8-39d4-4d8f-98ff-823fe69b080e> | 2017-10-10 08:58:22 +0000 |
commit | 500f15e5079026f3da993b404f7474aa3c69cc0a (patch) | |
tree | 5d03277ea27cf1be4b4616482693be01fdf6f0e4 /lib/rubygems/package.rb | |
parent | 6d86ee593a78221bfadd99fd9edf41eb5a985cc7 (diff) |
Merge rubygems-2.6.14 changes.
It fixed http://blog.rubygems.org/2017/10/09/unsafe-object-deserialization-vulnerability.html
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@60149 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
Diffstat (limited to 'lib/rubygems/package.rb')
-rw-r--r-- | lib/rubygems/package.rb | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/lib/rubygems/package.rb b/lib/rubygems/package.rb
index c36e71d800..77811ed5ec 100644
--- a/lib/rubygems/package.rb
+++ b/lib/rubygems/package.rb
@@ -468,7 +468,7 @@ EOM
 @checksums = gem.seek 'checksums.yaml.gz' do |entry|
 Zlib::GzipReader.wrap entry do |gz_io|
- YAML.load gz_io.read
+ Gem::SafeYAML.safe_load gz_io.read
 end
 end
 end
|
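Review bot: The value returned by `Gem::SafeYAML.safe_load gz_io.read` is assigned to `@checksums` without any check on its shape, and `gz_io.read` still inflates the whole `checksums.yaml.gz` entry into memory before parsing. The safe loader limits which object types can be built, but the entry comes from the gem archive itself, so it can still be arbitrarily large or parse to something other than a mapping; how the later verification code copes with that is not visible here, since the enclosing method starts outside the hunk. I would validate the parsed value inside the block, for example `raise Gem::Package::FormatError, 'checksums.yaml.gz is not a mapping' unless parsed.is_a?(Hash)`, leaving the no-entry case as it is. A comment on the changed line would also guard against a later revert: `# entry is untrusted gem content: keep the safe loader, never YAML.load`.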