From: Markus Koschany <apo@debian.org> Date: Sun, 29 Apr 2018 21:41:43 +0200 Subject: CVE-2018-1000078 Bug-Debian: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=895778 Origin: https://github.com/rubygems/rubygems/commit/66a28b9275551384fdab45f3591a82d6b59952cb --- lib/ruby/shared/rubygems/server.rb | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/lib/ruby/shared/rubygems/server.rb b/lib/ruby/shared/rubygems/server.rb index 7655be2..aa9604d 100644 --- a/lib/ruby/shared/rubygems/server.rb +++ b/lib/ruby/shared/rubygems/server.rb @@ -634,7 +634,7 @@ div.method-source-code pre { color: #ffdead; overflow: hidden; } "only_one_executable" => (executables && executables.size == 1), "full_name" => spec.full_name, "has_deps" => !deps.empty?, - "homepage" => spec.homepage, + "homepage" => (URI.parse(spec.homepage).is_a?(URI::HTTP) || URI.parse(spec.homepage).is_a?(URI::HTTPS)) ? spec.homepage : ".", "name" => spec.name, "rdoc_installed" => Gem::RDoc.new(spec).rdoc_installed?, "ri_installed" => Gem::RDoc.new(spec).ri_installed?,