[DRE-commits] [SCM] ruby-activerecord-2.3.git branch, master, updated. debian/2.3.14-5-2-g889c0fd
Ondřej Surý
ondrej at sury.org
Tue Mar 19 08:19:43 UTC 2013
The following commit has been merged in the master branch:
commit 625b221381df5fb0d96817c5ef757dd5feb911f4
Author: Ondřej Surý <ondrej at sury.org>
Date: Tue Mar 19 09:18:56 2013 +0100
[CVE-2013-1854]: Fix symbol DoS vulnerability in Active Record
diff --git a/debian/patches/CVE-2013-1854.patch b/debian/patches/CVE-2013-1854.patch
new file mode 100644
index 0000000..b178988
--- /dev/null
+++ b/debian/patches/CVE-2013-1854.patch
@@ -0,0 +1,22 @@
+--- a/lib/active_record/base.rb
++++ b/lib/active_record/base.rb
+@@ -2307,7 +2307,7 @@ module ActiveRecord #:nodoc:
+ def expand_hash_conditions_for_aggregates(attrs)
+ expanded_attrs = {}
+ attrs.each do |attr, value|
+- unless (aggregation = reflect_on_aggregation(attr.to_sym)).nil?
++ unless (aggregation = reflect_on_aggregation(attr)).nil?
+ mapping = aggregate_mapping(aggregation)
+ mapping.each do |field_attr, aggregate_attr|
+ if mapping.size == 1 && !value.respond_to?(aggregate_attr)
+--- a/lib/active_record/reflection.rb
++++ b/lib/active_record/reflection.rb
+@@ -18,7 +18,7 @@ module ActiveRecord
+ when :composed_of
+ reflection = AggregateReflection.new(macro, name, options, active_record)
+ end
+- write_inheritable_hash :reflections, name => reflection
++ write_inheritable_hiwa :reflections, name => reflection
+ reflection
+ end
+
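Review bot: `write_inheritable_hiwa` in the reflection.rb hunk is not defined by anything this patch touches, so `create_reflection` would raise NoMethodError when a model class is defined unless the installed Active Support already provides that helper (presumably through its own matching CVE-2013-1854 change). The base.rb hunk is coupled to it as well: with `attr.to_sym` dropped, `reflect_on_aggregation(attr)` will presumably only match string keys if `reflections` is stored with indifferent access, so applying one half without the other silently stops aggregate conditions from expanding. I would tighten the dependency in debian/control to the Active Support upload that ships the helper, along the lines of `<activesupport-package> (>= <VERSION-WITH-write_inheritable_hiwa>)`, and add a DEP-3 header to the patch (Description, Origin, Bug) that records this coupling. Both patched methods start or end outside the hunks shown, so the lookup side could not be checked from here.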
diff --git a/debian/patches/series b/debian/patches/series
index b3fba31..c9eb975 100644
--- a/debian/patches/series
+++ b/debian/patches/series
@@ -4,3 +4,4 @@ activerecord-2.3.5-1.patch
CVE-2013-0155.patch
CVE-2013-0276.patch
CVE-2013-0277.patch
+CVE-2013-1854.patch
--
ruby-activerecord-2.3.git