system/ruby: multiple vulnerabilities: CVE-2022-28738, CVE-2022-28739
https://www.ruby-lang.org/en/news/2022/04/12/ruby-3-1-2-released/
Posted by naruse and mame on 12 Apr 2022
Ruby 3.1.2 has been released.
This release includes security fixes. Please check the topics below for details.
CVE-2022-28738: Double free in Regexp compilation
CVE-2022-28739: Buffer overrun in String-to-Float conversion
These CVEs are not yet publicly visible.
Fixed here: https://github.com/ruby/ruby/commit/73f45e5e96ccc13a131f7c0122cf8600ce5b930f