Use optimistic version constraint for Rails-related CVEs

Fix issues rubysec#244 & rubysec#140 following the approach @reedloden applied @ rubysec@782f008 The idea is to white-list the recently released v4.2.6 Rails version.
dcarral · Mar 9, 2016 · 13319eb · 13319eb
1 parent 19bf00b
commit 13319eb
Show file tree

Hide file tree

Showing 7 changed files with 7 additions and 7 deletions.
diff --git a/gems/actionpack/CVE-2015-7576.yml b/gems/actionpack/CVE-2015-7576.yml
@@ -111,6 +111,6 @@ description: |
 
 patched_versions:
   - "~> 5.0.0.beta1.1"
-  - "~> 4.2.5.1" 
+  - ">= 4.2.5.1"
   - "~> 4.1.14.1"
   - "~> 3.2.22.1"
diff --git a/gems/actionpack/CVE-2015-7581.yml b/gems/actionpack/CVE-2015-7581.yml
@@ -51,5 +51,5 @@ unaffected_versions:
   - ">= 5.0.0.beta1"
 
 patched_versions:
-  - "~> 4.2.5.1" 
+  - ">= 4.2.5.1"
   - "~> 4.1.14.1"
diff --git a/gems/actionpack/CVE-2016-0751.yml b/gems/actionpack/CVE-2016-0751.yml
@@ -66,6 +66,6 @@ description: |
 
 patched_versions:
   - "~> 5.0.0.beta1.1"
-  - "~> 4.2.5.1" 
+  - ">= 4.2.5.1"
   - "~> 4.1.14.1"
   - "~> 3.2.22.1"
diff --git a/gems/actionpack/CVE-2016-2098.yml b/gems/actionpack/CVE-2016-2098.yml
@@ -86,4 +86,4 @@ unaffected_versions:
 patched_versions:
   - "~> 3.2.22.2"
   - "~> 4.1.14.2"
-  - "~> 4.2.5.2"
+  - ">= 4.2.5.2"
diff --git a/gems/actionview/CVE-2016-0752.yml b/gems/actionview/CVE-2016-0752.yml
@@ -87,6 +87,6 @@ description: |
 
 patched_versions:
   - "~> 5.0.0.beta1.1"
-  - "~> 4.2.5.1" 
+  - ">= 4.2.5.1"
   - "~> 4.1.14.1"
   - "~> 3.2.22.1"
diff --git a/gems/activemodel/CVE-2016-0753.yml b/gems/activemodel/CVE-2016-0753.yml
@@ -88,5 +88,5 @@ unaffected_versions:
 
 patched_versions:
   - "~> 5.0.0.beta1.1"
-  - "~> 4.2.5.1" 
+  - ">= 4.2.5.1"
   - "~> 4.1.14.1"
diff --git a/gems/activerecord/CVE-2015-7577.yml b/gems/activerecord/CVE-2015-7577.yml
@@ -102,6 +102,6 @@ unaffected_versions:
 
 patched_versions:
   - "~> 5.0.0.beta1.1"
-  - "~> 4.2.5.1" 
+  - ">= 4.2.5.1"
   - "~> 4.1.14.1"
   - "~> 3.2.22.1"