[DRE-commits] [rails] 02/02: CVE-2016-6316.patch: fix regression with non-string arguments to tag options

Antonio Terceiro terceiro at moszumanska.debian.org
Tue Aug 23 20:18:32 UTC 2016 

This is an automated email from the git hooks/post-receive script.

terceiro pushed a commit to branch debian/jessie
in repository rails.

commit 3a1539d8603286331137ff7b643c4618c8a5b316
Author: Antonio Terceiro <terceiro at debian.org>
Date:   Tue Aug 23 17:03:31 2016 -0300

    CVE-2016-6316.patch: fix regression with non-string arguments to tag options
---
 debian/changelog                   | 4 ++++
 debian/patches/CVE-2016-6316.patch | 2 +-
 debian/tests/CVE-2016-6316         | 2 ++
 3 files changed, 7 insertions(+), 1 deletion(-)

diff --git a/debian/changelog b/debian/changelog
index 2d65552..353fe7c 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -3,6 +3,10 @@ rails (2:4.1.8-1+deb8u4) jessie-security; urgency=high
   [ Salvatore Bonaccorso ]
   * add test script for CVE-2016-6316
 
+  [ Antonio Terceiro ]
+  * CVE-2016-6316.patch: update to fix regression with non-string arguments to
+    tag options
+
  -- Antonio Terceiro <terceiro at debian.org>  Tue, 23 Aug 2016 16:59:26 -0300
 
 rails (2:4.1.8-1+deb8u3) jessie-security; urgency=high
diff --git a/debian/patches/CVE-2016-6316.patch b/debian/patches/CVE-2016-6316.patch
index 4381974..8bfc02b 100644
--- a/debian/patches/CVE-2016-6316.patch
+++ b/debian/patches/CVE-2016-6316.patch
@@ -20,7 +20,7 @@ Backported-by: Antonio Terceiro <terceiro at debian.org>
            value = value.join(" ") if value.is_a?(Array)
            value = ERB::Util.h(value) if escape
 -          %(#{key}="#{value}")
-+          %(#{key}="#{value.gsub(/"/, '"'.freeze)}")
++          %(#{key}="#{value.to_s.gsub(/"/, '"'.freeze)}")
          end
      end
    end
diff --git a/debian/tests/CVE-2016-6316 b/debian/tests/CVE-2016-6316
index 8fa5c62..5be20b8 100755
--- a/debian/tests/CVE-2016-6316
+++ b/debian/tests/CVE-2016-6316
@@ -1,3 +1,5 @@
+#!/usr/bin/ruby
+
 # CVE-2016-6316 test
 # apt-get install ruby-test-unit
 

-- 
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/pkg-ruby-extras/rails.git

More information about the Pkg-ruby-extras-commits mailing list