From 9f51b3c105a5302691552b166f3cbc0581bd85b4 Mon Sep 17 00:00:00 2001
From: Peter Hoeg
Date: Fri, 8 Sep 2017 12:07:55 +0800
Subject: [PATCH] rubygems: 2.6.10 -> 2.6.13

Fixes a number of CVEs:
 - a DNS request hijacking vulnerability. (CVE-2017-0902)
 - an ANSI escape sequence vulnerability. (CVE-2017-0899)
 - a DoS vulnerability in the query command. (CVE-2017-0900)
 - a vulnerability in the gem installer that allowed a malicious gem to overwrite arbitrary files. (CVE-2017-0901)
---
 pkgs/development/interpreters/ruby/rubygems-src.nix | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/pkgs/development/interpreters/ruby/rubygems-src.nix b/pkgs/development/interpreters/ruby/rubygems-src.nix
index 7658c303a1e..99870e6ba2c 100644
--- a/pkgs/development/interpreters/ruby/rubygems-src.nix
+++ b/pkgs/development/interpreters/ruby/rubygems-src.nix
@@ -1,6 +1,6 @@
 { fetchurl
-, version ? "2.6.10"
-, sha256 ? "364c0eee8e0c9e8ab4879c5035832e5a27f0c97292d2264af5ae0020585280f0"
+, version ? "2.6.13"
+, sha256 ? "1j98ww8cz9y4wwshg7p4i4acrmls3ywkyj1nlkh4k3bywwm50hfh"
 }:
 fetchurl {
 url = "http://production.cf.rubygems.org/rubygems/rubygems-${version}.tgz";