Merge rubygems-2.6.14 changes.

It fixed http://blog.rubygems.org/2017/10/09/unsafe-object-deserialization-vulnerability.html git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@60149 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
2025-09-15 08:33:58 +02:00 · 2017-10-10 08:58:22 +00:00 · 2017-10-10 08:58:22 +00:00 · 500f15e507
commit 500f15e507
parent 6d86ee593a
6 changed files with 55 additions and 6 deletions
--- a/lib/rubygems/package/old.rb
+++ b/lib/rubygems/package/old.rb
@ -101,7 +101,7 @@ class Gem::Package::Old < Gem::Package
      header << line
    end

-    YAML.load header
+    Gem::SafeYAML.safe_load header
  end

  ##