[DRE-commits] [SCM] ruby-activesupport-2.3.git branch, master, updated. debian/2.3.14-6-2-g003bbad

Ondřej Surý ondrej at sury.org
Tue Mar 19 08:57:44 UTC 2013


The following commit has been merged in the master branch:
commit 5a8d6c6b7b2c03a4ea63f192b37963d5a12b2803
Author: Ondřej Surý <ondrej at sury.org>
Date:   Tue Mar 19 09:21:45 2013 +0100

    [CVE-2013-1854]: Fix symbol DoS vulnerability in Active Record

diff --git a/debian/patches/CVE-2013-1854.patch b/debian/patches/CVE-2013-1854.patch
new file mode 100644
index 0000000..cb43830
--- /dev/null
+++ b/debian/patches/CVE-2013-1854.patch
@@ -0,0 +1,14 @@
+--- a/lib/active_support/core_ext/class/inheritable_attributes.rb
++++ b/lib/active_support/core_ext/class/inheritable_attributes.rb
+@@ -109,6 +109,11 @@ class Class # :nodoc:
+     write_inheritable_attribute(key, read_inheritable_attribute(key).merge(hash))
+   end
+ 
++  def write_inheritable_hiwa(key, hash)
++    write_inheritable_attribute(key, {}.with_indifferent_access) if read_inheritable_attribute(key).nil?
++    write_inheritable_attribute(key, read_inheritable_attribute(key).merge(hash))
++  end
++
+   def read_inheritable_attribute(key)
+     inheritable_attributes[key]
+   end
diff --git a/debian/patches/series b/debian/patches/series
index 98eb2b7..61bb125 100644
--- a/debian/patches/series
+++ b/debian/patches/series
@@ -2,3 +2,4 @@
 0002-remove_rubygems_require.patch
 CVE-2013-0156.patch
 CVE-2013-0333.patch
+CVE-2013-1854.patch
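Review bot: the new `CVE-2013-1854.patch` entry is appended last in `series`, after `CVE-2013-0333.patch`, which is the right place for it, but this commit touches only the patch file and `series`. If the changelog entry is not coming in a separate commit, add one here that names CVE-2013-1854, so the security fix can be traced from the package changelog.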

-- 
ruby-activesupport-2.3.git


