From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <ruby-core-bounces@ruby-lang.org>
X-Spam-Checker-Version: SpamAssassin 3.4.2 (2018-09-13) on dcvr.yhbt.net
X-Spam-Level: 
X-Spam-ASN: AS4713 221.184.0.0/13
X-Spam-Status: No, score=-2.6 required=3.0 tests=AWL,BAYES_00,
	DKIM_ADSP_CUSTOM_MED,FORGED_GMAIL_RCVD,FREEMAIL_FORGED_FROMDOMAIN,
	FREEMAIL_FROM,HEADER_FROM_DIFFERENT_DOMAINS,MAILING_LIST_MULTI,
	RCVD_IN_DNSWL_MED,SPF_HELO_NONE,SPF_PASS shortcircuit=no autolearn=no
	autolearn_force=no version=3.4.2
Received: from neon.ruby-lang.org (neon.ruby-lang.org [221.186.184.75])
	by dcvr.yhbt.net (Postfix) with ESMTP id 15C7B1F463
	for <normalperson@yhbt.net>; Sun, 15 Dec 2019 07:21:14 +0000 (UTC)
Received: from neon.ruby-lang.org (localhost [IPv6:::1])
	by neon.ruby-lang.org (Postfix) with ESMTP id 4047B120A77;
	Sun, 15 Dec 2019 16:21:02 +0900 (JST)
Received: from o1678948x4.outbound-mail.sendgrid.net
 (o1678948x4.outbound-mail.sendgrid.net [167.89.48.4])
 by neon.ruby-lang.org (Postfix) with ESMTPS id 51C84120A67
 for <ruby-core@ruby-lang.org>; Sun, 15 Dec 2019 16:20:59 +0900 (JST)
Received: by filter0064p3iad2.sendgrid.net with SMTP id
 filter0064p3iad2-5338-5DF5DEE0-28
 2019-12-15 07:21:04.910248476 +0000 UTC m=+219549.899154255
Received: from herokuapp.com (unknown [184.72.70.224])
 by ismtpd0050p1iad1.sendgrid.net (SG) with ESMTP id tIhrm37qTvGN2JNN5iBsqg
 for <ruby-core@ruby-lang.org>; Sun, 15 Dec 2019 07:21:04.777 +0000 (UTC)
Date: Sun, 15 Dec 2019 07:21:04 +0000 (UTC)
From: nagachika00@gmail.com
Message-ID: <redmine.journal-83135.20191215072104.ac692b092803a2f0@ruby-lang.org>
References: <redmine.issue-16279.20191025033255@ruby-lang.org>
Mime-Version: 1.0
X-Redmine-MailingListIntegration-Message-Ids: 71898
X-Redmine-Project: ruby-trunk
X-Redmine-Issue-Id: 16279
X-Redmine-Issue-Author: twk3
X-Redmine-Issue-Assignee: hsbt
X-Redmine-Sender: nagachika
X-Mailer: Redmine
X-Redmine-Host: bugs.ruby-lang.org
X-Redmine-Site: Ruby Issue Tracking System
X-Auto-Response-Suppress: All
Auto-Submitted: auto-generated
X-SG-EID: =?us-ascii?Q?O2wxg26uOO6cft6GjkEp=2FGevTnH9lR=2FEdG60AX3F8=2FAkZ8Wd4XOV8FArnpfesM?=
 =?us-ascii?Q?=2FUoCRHFBJb=2F5LOuXdjQofbNGZWoBzFmDNlIZBX9?=
 =?us-ascii?Q?94syXYHUMG+OIJS6TtKF1KWZU2CxWjl+ChXiCQG?=
 =?us-ascii?Q?EmrxjTbzoGMKr1ghAik49+gJEufmx21lISie8HG?=
 =?us-ascii?Q?tqTdZehOmbDGoov4+DyS9ba+1xsPofgp8sw=3D=3D?=
To: ruby-core@ruby-lang.org
X-ML-Name: ruby-core
X-Mail-Count: 96243
Subject: [ruby-core:96243] [Ruby master Bug#16279] Backport 463092b8
X-BeenThere: ruby-core@ruby-lang.org
X-Mailman-Version: 2.1.15
Precedence: list
Reply-To: Ruby developers <ruby-core@ruby-lang.org>
List-Id: Ruby developers <ruby-core.ruby-lang.org>
List-Unsubscribe: <https://lists.ruby-lang.org/cgi-bin/mailman/options/ruby-core>, 
 <mailto:ruby-core-request@ruby-lang.org?subject=unsubscribe>
List-Post: <mailto:ruby-core@ruby-lang.org>
List-Help: <mailto:ruby-core-request@ruby-lang.org?subject=help>
List-Subscribe: <https://lists.ruby-lang.org/cgi-bin/mailman/listinfo/ruby-core>, 
 <mailto:ruby-core-request@ruby-lang.org?subject=subscribe>
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Errors-To: ruby-core-bounces@ruby-lang.org
Sender: "ruby-core" <ruby-core-bounces@ruby-lang.org>

Issue #16279 has been updated by nagachika (Tomoyuki Chikanaga).

Backport changed from 2.5: REQUIRED, 2.6: REQUIRED to 2.5: REQUIRED, 2.6: DONE

ruby_2_6 r67833 merged revision(s) 463092b84da7933f307cc8747f948f68ef19f5fd.

----------------------------------------
Bug #16279: Backport 463092b8
https://bugs.ruby-lang.org/issues/16279#change-83135

* Author: twk3 (DJ Mountney)
* Status: Closed
* Priority: Normal
* Assignee: hsbt (Hiroshi SHIBATA)
* Target version: 
* ruby -v: 
* Backport: 2.5: REQUIRED, 2.6: DONE
----------------------------------------
Please backport the rake 12.3.3 update into the stable releases 

rev: 463092b84da7933f307cc8747f948f68ef19f5fd

This patch resolves a public disclosed minor security issue: https://hackerone.com/reports/651518

And causes the current version of ruby to fail security scanning tests.



-- 
https://bugs.ruby-lang.org/