Add patched version for CVE-2013-1656 #702
oussama-rahali wants to merge 4 commits into rubysec:master from
postmodern left a comment:
Please add the commit URL and any other URLs to the related: URLs list. That would be really useful to others!
| related: | ||
| url: | ||
| - https://spreecommerce.com/blog/multiple-security-vulnerabilities-fixed | ||
| - https://github.com/spree/spree/commit/70092eb55b8be8fe5d21a7658b62da658612fba7 No newline at end of file |
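Review bot: The last added line, the commit URL under related: url:, is flagged "No newline at end of file"; end the YAML file with a single trailing newline so that the next URL appended to this list shows up as a one-line diff.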
| - https://github.com/spree/spree/commit/70092eb55b8be8fe5d21a7658b62da658612fba7 | |
| - https://github.com/spree/spree/commit/70092eb55b8be8fe5d21a7658b62da658612fba7 |
I think your editor is automatically adding the newline.
@v0lck3r GitHub isn't allowing me to use the Suggested change. GitHub is claiming there is no difference between them, even though it's supposed to remove the last newline.
@postmodern tbh I see no extra line. The file is still 25 lines total after adding the new reference, compared to the 24 lines in the original file.
Can you double check please!
Closing this since the changes have already been made to master by commit 386b1cf.
Based on the following commit, which was found here, the patched version is 2.0.0.rc1. Also, versions after 1.3.2 and before 2.0.0.rc1 (aka 1.3.3, 1.3.4 and 1.3.5) do not contain updates for the files concerned (see, for example, payment_methods_controller.rb, where the last update dates back to 2012, i.e. before the vulnerability was patched). Thus, we can say that the patched version is 2.0.0.rc1 with a certain confidence.
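The version reasoning in the description above can be checked mechanically against candidate patched-version constraints. This is an added example, not code from the PR or from ruby-advisory-db; the constraint strings, the `EXPECTED` table and the helper names are assumptions, and only the version numbers come from the page.

```ruby
require "rubygems"

# Status the PR description argues for, per version it names.
# Constructed from the page's text; not an official test fixture.
EXPECTED = {
  "1.3.3"     => :vulnerable,
  "1.3.4"     => :vulnerable,
  "1.3.5"     => :vulnerable,
  "2.0.0.rc1" => :patched
}.freeze

# True when any requirement string (comma-separated constraints allowed)
# is satisfied by the version, which is how a list of patched-version
# constraints is read: one match is enough.
def patched?(requirements, version)
  v = Gem::Version.new(version)
  requirements.any? do |req|
    Gem::Requirement.new(*req.split(",").map(&:strip)).satisfied_by?(v)
  end
end

# Returns the versions whose computed status disagrees with EXPECTED.
def mismatches(requirements, expected = EXPECTED)
  expected.reject do |version, status|
    (patched?(requirements, version) ? :patched : :vulnerable) == status
  end.keys
end

# Hypothetical candidate constraints an advisory author might write.
CANDIDATES = {
  "page's conclusion"    => [">= 2.0.0.rc1"],
  "prerelease forgotten" => [">= 2.0.0"],
  "1.3.x assumed fixed"  => ["~> 1.3.3", ">= 2.0.0.rc1"]
}.freeze

if __FILE__ == $PROGRAM_NAME
  CANDIDATES.each do |label, reqs|
    puts "#{label}: #{reqs.inspect} -> mismatches #{mismatches(reqs).inspect}"
  end
end
```

Only the first candidate agrees with the description: the second treats the release candidate as unpatched because RubyGems orders 2.0.0.rc1 before 2.0.0, and the third marks the 1.3.x releases as fixed.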