From dcaab97d18985aa2cd009fac5751bc2c60cd9a42 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Rafael=20Mendon=C3=A7a=20Fran=C3=A7a?=
Date: Mon, 26 Aug 2024 07:21:52 -0700
Subject: [PATCH 1/2] Update CVE-2024-28103.yml Properly identify the ranges of fixed Rails versions.
---
 gems/actionpack/CVE-2024-28103.yml | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/gems/actionpack/CVE-2024-28103.yml b/gems/actionpack/CVE-2024-28103.yml
index 5199fa3243..40fb050574 100644
--- a/gems/actionpack/CVE-2024-28103.yml
+++ b/gems/actionpack/CVE-2024-28103.yml
@@ -56,9 +56,9 @@ cvss_v3: 5.4
 unaffected_versions:
 - "< 6.1.0"
 patched_versions:
- - "~> 6.1.7.8"
- - "~> 7.0.8.4"
- - "~> 7.1.3.4"
+ - "~> 6.1.7", ">= 6.1.7.8"
+ - "~> 7.0.8", ">= 7.0.8.4"
+ - "~> 7.1.3", ">= 7.1.3.4"
 - ">= 7.2.0.beta2"
 related:
 url:
From 22270ceb47104d57a2142b2e68c0aabb28bd0307 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Rafael=20Mendon=C3=A7a=20Fran=C3=A7a?=
Date: Mon, 26 Aug 2024 07:23:45 -0700
Subject: [PATCH 2/2] Fix YAML syntax
---
 gems/actionpack/CVE-2024-28103.yml | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/gems/actionpack/CVE-2024-28103.yml b/gems/actionpack/CVE-2024-28103.yml
index 40fb050574..8878bde1f7 100644
--- a/gems/actionpack/CVE-2024-28103.yml
+++ b/gems/actionpack/CVE-2024-28103.yml
@@ -56,9 +56,9 @@ cvss_v3: 5.4
 unaffected_versions:
 - "< 6.1.0"
 patched_versions:
- - "~> 6.1.7", ">= 6.1.7.8"
- - "~> 7.0.8", ">= 7.0.8.4"
- - "~> 7.1.3", ">= 7.1.3.4"
+ - "~> 6.1.7, >= 6.1.7.8"
+ - "~> 7.0.8, >= 7.0.8.4"
+ - "~> 7.1.3, >= 7.1.3.4"
 - ">= 7.2.0.beta2"
 related:
 url:
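Review bot: The three `patched_versions` entries added in patch 1/2, for example `- "~> 6.1.7", ">= 6.1.7.8"`, are not valid YAML, because a block-sequence item cannot hold a quoted scalar followed by `, "..."`. The advisory file therefore does not parse at that commit, and patch 2/2 only repairs it afterwards with the single-string form `- "~> 6.1.7, >= 6.1.7.8"`. Squashing the two commits would avoid an intermediate revision where a consumer of the database presumably either errors out or, if it skips unparseable files, silently loses this advisory. The hunk shows only part of the file, so the rest of the advisory is not reviewed here.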