[DRE-commits] [rails] 02/02: CVE-2016-6316.patch: fix regression with non-string arguments to tag options
Antonio Terceiro
terceiro at moszumanska.debian.org
Tue Aug 23 20:18:32 UTC 2016
This is an automated email from the git hooks/post-receive script.
terceiro pushed a commit to branch debian/jessie
in repository rails.
commit 3a1539d8603286331137ff7b643c4618c8a5b316
Author: Antonio Terceiro <terceiro at debian.org>
Date: Tue Aug 23 17:03:31 2016 -0300
CVE-2016-6316.patch: fix regression with non-string arguments to tag options
---
debian/changelog | 4 ++++
debian/patches/CVE-2016-6316.patch | 2 +-
debian/tests/CVE-2016-6316 | 2 ++
3 files changed, 7 insertions(+), 1 deletion(-)
diff --git a/debian/changelog b/debian/changelog
index 2d65552..353fe7c 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -3,6 +3,10 @@ rails (2:4.1.8-1+deb8u4) jessie-security; urgency=high
[ Salvatore Bonaccorso ]
* add test script for CVE-2016-6316
+ [ Antonio Terceiro ]
+ * CVE-2016-6316.patch: update to fix regression with non-string arguments to
+ tag options
+
-- Antonio Terceiro <terceiro at debian.org> Tue, 23 Aug 2016 16:59:26 -0300
rails (2:4.1.8-1+deb8u3) jessie-security; urgency=high
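Review bot: the new changelog entry under [ Antonio Terceiro ] names the regression only as "non-string arguments to tag options" and does not say what failed or how it was fixed. A few extra words stating that the value is now converted with to_s before the gsub call would let a reader match this entry to the one-line change in debian/patches/CVE-2016-6316.patch without opening the patch.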
diff --git a/debian/patches/CVE-2016-6316.patch b/debian/patches/CVE-2016-6316.patch
index 4381974..8bfc02b 100644
--- a/debian/patches/CVE-2016-6316.patch
+++ b/debian/patches/CVE-2016-6316.patch
@@ -20,7 +20,7 @@ Backported-by: Antonio Terceiro <terceiro at debian.org>
value = value.join(" ") if value.is_a?(Array)
value = ERB::Util.h(value) if escape
- %(#{key}="#{value}")
-+ %(#{key}="#{value.gsub(/"/, '"'.freeze)}")
++ %(#{key}="#{value.to_s.gsub(/"/, '"'.freeze)}")
end
end
end
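Review bot: on the changed `++` line the gsub replacement is shown as a bare double quote (`'"'.freeze`), which would replace each `"` with itself and leave the attribute value unescaped when `escape` is false. The replacement has to be the HTML entity `&quot;`, so confirm that the patch file itself carries the entity and that the bare quote is only how this notice was rendered. The `to_s` call is in the right place: it covers the path where `escape` is false and a non-String `value` reaches `gsub`, and it matches the implicit conversion that the string interpolation on the removed `-` line performed, so nil and numeric values render as they did before the CVE patch.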
diff --git a/debian/tests/CVE-2016-6316 b/debian/tests/CVE-2016-6316
index 8fa5c62..5be20b8 100755
--- a/debian/tests/CVE-2016-6316
+++ b/debian/tests/CVE-2016-6316
@@ -1,3 +1,5 @@
+#!/usr/bin/ruby
+
# CVE-2016-6316 test
# apt-get install ruby-test-unit
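Review bot: no test case for the regression is added to debian/tests/CVE-2016-6316; the two inserted lines at the top of the file are only the `#!/usr/bin/ruby` shebang and a blank line. Suggest adding an assertion that passes a non-String tag option value (for example an Integer or a Symbol) with escaping disabled, so that the `to_s` change in CVE-2016-6316.patch is exercised by the test script and a future refresh of the patch cannot drop it unnoticed.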
--
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/pkg-ruby-extras/rails.git