Overview
Request 223723 accepted
install the patched gem
with the previous commit, we were patching the gem but installing the original
one, resulting in an unpatched installation (both the gem and the unpacked files
under /usr/lib64/ruby...)
this commit installs the patched gem, thus both the gem and the unpacked files
are patched
- fix rubygem patches are not applied to the gem but only to the tree
(bnc#864873)
- fix CVE-2014-0081: XSS Vulnerability in number_to_currency,
number_to_percentage and number_to_human (bnc#864433)
- fix CVE-2014-0082: Denial of Service Vulnerability in Action View
when using render :text (bnc#864431)
- added patches:
* CVE-2014-0081.patch: contains fix for CVE-2014-0081
* CVE-2014-0082.patch: contains fix for CVE-2014-0082
- Created by jordimassaguerpla
- In state accepted
Request History
jordimassaguerpla created request
install the patched gem
with the previous commit, we were patching the gem but installing the original
one, resulting in an unpatched installation (both the gem and the unpacked files
under /usr/lib64/ruby...)
this commit installs the patched gem, thus both the gem and the unpacked files
are patched
- fix rubygem patches are not applied to the gem but only to the tree
(bnc#864873)
- fix CVE-2014-0081: XSS Vulnerability in number_to_currency,
number_to_percentage and number_to_human (bnc#864433)
- fix CVE-2014-0082: Denial of Service Vulnerability in Action View
when using render :text (bnc#864431)
- added patches:
* CVE-2014-0081.patch: contains fix for CVE-2014-0081
* CVE-2014-0082.patch: contains fix for CVE-2014-0082
msmeissn accepted request
ok