RubyGems - dawnscanner - Versions diffs - 1.6.4 → 1.6.5 - Mend

dawnscanner 1.6.4 → 1.6.5

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (13) hide show

checksums.yaml +4 -4
checksums.yaml.gz.sig +0 -0
data.tar.gz.sig +3 -3
data/Changelog.md +6 -0
data/README.md +1 -1
data/VERSION +1 -1
data/checksum/dawnscanner-1.6.4.gem.sha1 +1 -0
data/code_of_conduct.md +1 -1
data/lib/dawn/kb/cve_2014_2538.rb +2 -2
data/lib/dawn/version.rb +4 -4
data/spec/lib/kb/cve_2014_2538_spec.rb +4 -4
metadata +4 -3
metadata.gz.sig +0 -0

checksums.yaml CHANGED

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: 1770d53c5bcc2080977c8b8f7521992f44476e3d
-  data.tar.gz: 88228854cf954cbfc41987386911f8e4a0676f56
+  metadata.gz: 0ce6cb500c1349a538cfc5f24e7f890d53e36acf
+  data.tar.gz: 2ac0fc78293cfdf85aaa143d72c9204148c6313f
 SHA512:
-  metadata.gz: 2d2178017f290351bd071b625a21ca3459acae8af3d9bd535f53cbd2a16d7fca2bcebfb47c224f14d495257b6f99ee27f304c9c8c407826fcc4a730f5085d284
-  data.tar.gz: 73a7d4485773cfb82e8b8a09a5eacd1c985c4d36fc359d86d5a6773f1ebba0be4c01af2927dc398bbec3f0177e44a440daa21ea69b1594434005c73f94e5db82
+  metadata.gz: f754ff1ee23e8d46b97af3d2141f3d024efe4f5aa0a1ff3ddc03be6bb9b0d42265ee3b475700c02246211e3bb71951b78b1f623fab85d517b1da1affbea2addf
+  data.tar.gz: 7fa6f07e3845f660ba07b525f036f2e9bc8081f534e43e3a07c375c2c86fb04424394d7f72453a65a24c40af33bcd3fb98eb4cca147a4f51ed434d899936ae5a

checksums.yaml.gz.sig CHANGED

Binary file

data.tar.gz.sig CHANGED

@@ -1,3 +1,3 @@
-E/��W��D[��4�����z�:�Q�0��Sü]��&��=V�y�\��:��a����⌈1|�s�p�߆\
-*��
-��[Pe~Y�eAd~�	���
+�'D5��x&����R;A&�:'Jc�#N~�`������p�
+�������)ܢY�D%|2�;�1��0�>�,�yK_�a�d^+���u12�H[IC����>AX�~)�c���s�l�Vo#�����)�h���n�Y;V0���b���^�&Ȗ�ÓoܿA��sK��Vp�����@joVmc�~2a�|�SK6¿(}���������m��H��bvk݈ߗ�6�C����c)�R�W�776(��
+}��V�s��

data/Changelog.md CHANGED

@@ -7,6 +7,12 @@ frameworks.
 _latest update: Tue Sep 27 23:32:32 CEST 2016_
+## Version 1.6.5 - codename: Tow Mater (2016-09-30)
+* Issue #212 - CVE-2014-2538 is marked as being vulnerable to rack-ssl 1.3.4.
+  The check was triggered for rack-ssl version < 1.4.0. However 1.3.4 is marked
+  as safe, so the check has to be changed as well.
 ## Version 1.6.4 - codename: Tow Mater (2016-09-27)
 * Issue #199 - CVE-2015-4020 seems to give the wrong Solution

data/README.md CHANGED

@@ -24,7 +24,7 @@ box:
 ---
-dawnscanner version 1.6.2 has 229 security checks loaded in its knowledge
+dawnscanner version 1.6.4 has 229 security checks loaded in its knowledge
 base. Most of them are CVE bulletins applying to gems or the ruby interpreter
 itself. There are also some check coming from Owasp Ruby on Rails cheatsheet.

data/VERSION CHANGED

@@ -12,4 +12,4 @@
 # |   "Guido"       |  x.x.0  |
 # |   "Luigi"       |  x.x.0  |
 # | "Doc Hudson"    |  x.x.0  |
-1.6.4 - Tow Mater
+1.6.5 - Tow Mater

data/checksum/dawnscanner-1.6.4.gem.sha1 ADDED

	@@ -0,0 +1 @@
1	+ 48c66fae96ae125e6f9aa386b68a346c65fb1a0c

data/code_of_conduct.md CHANGED

@@ -55,7 +55,7 @@ further defined and clarified by project maintainers.
 ## Enforcement
 Instances of abusive, harassing, or otherwise unacceptable behavior may be
-reported by contacting the project team at [INSERT EMAIL ADDRESS]. All
+reported by contacting the project team at paolo@dawnscanner.org. All
 complaints will be reviewed and investigated and will result in a response that
 is deemed necessary and appropriate to the circumstances. The project team is
 obligated to maintain confidentiality with regard to the reporter of an incident.

data/lib/dawn/kb/cve_2014_2538.rb CHANGED

@@ -15,11 +15,11 @@
             :applies=>["rails"],
             :kind=>Dawn::KnowledgeBase::DEPENDENCY_CHECK,
             :message=>message,
-            :mitigation=>"A new version for rack-ssl version it has been released. Pleas upgrade at least to version 1.4.0 or higher.",
+            :mitigation=>"A new version for rack-ssl version it has been released. Pleas upgrade at least to version 1.3.4 or higher.",
             :aux_links=>["http://seclists.org/oss-sec/2014/q1/594"]
            })
-           self.safe_dependencies = [{:name=>"rack-ssl", :version=>['1.4.0']}]
+           self.safe_dependencies = [{:name=>"rack-ssl", :version=>['1.3.4']}]
 				end
 			end
 		end

data/lib/dawn/version.rb CHANGED

@@ -1,7 +1,7 @@
 module Dawn
-    VERSION = "1.6.4"
+    VERSION = "1.6.5"
     CODENAME = "Tow Mater"
-    RELEASE = "20160927"
-    BUILD = "9"
-    COMMIT = "gbd3c8ff"
+    RELEASE = "20160930"
+    BUILD = "5"
+    COMMIT = "g0d1f45a"
 end

data/spec/lib/kb/cve_2014_2538_spec.rb CHANGED

@@ -4,12 +4,12 @@ describe "The CVE-2014-2538 vulnerability" do
 		@check = Dawn::Kb::CVE_2014_2538.new
 		# @check.debug = true
 	end
-  it "is reported when rack-ssl vulnerable version it has been found (1.3.9)" do
-    @check.dependencies = [{:name=>'rack-ssl', :version=>'1.3.9'}]
+  it "is reported when rack-ssl vulnerable version it has been found (1.3.2)" do
+    @check.dependencies = [{:name=>'rack-ssl', :version=>'1.3.2'}]
     expect(@check.vuln?).to   eq(true)
   end
-  it "is reported when rack-ssl not vulnerable version it has been found (1.4.0)" do
-    @check.dependencies = [{:name=>'rack-ssl', :version=>'1.4.0'}]
+  it "is reported when rack-ssl not vulnerable version it has been found (1.3.4)" do
+    @check.dependencies = [{:name=>'rack-ssl', :version=>'1.3.4'}]
     expect(@check.vuln?).to   eq(false)
   end
 end

metadata CHANGED

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: dawnscanner
 version: !ruby/object:Gem::Version
-  version: 1.6.4
+  version: 1.6.5
 platform: ruby
 authors:
 - Paolo Perego
@@ -30,7 +30,7 @@ cert_chain:
   jm6Bw8fGx65GCWIdgMhH/P0icixcnyrnotnnOrEcmPudIlgEN9qaUYcguOfFBhTH
   1sGpM7KzrYHU8qJJPrdaX0ezIDL4cN/kA/DxYTfUiMw=
   -----END CERTIFICATE-----
-date: 2016-09-27 00:00:00.000000000 Z
+date: 2016-09-30 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: cvss
@@ -319,6 +319,7 @@ files:
 - checksum/dawnscanner-1.6.1.gem.sha1
 - checksum/dawnscanner-1.6.2.gem.sha1
 - checksum/dawnscanner-1.6.3.gem.sha1
+- checksum/dawnscanner-1.6.4.gem.sha1
 - code_of_conduct.md
 - dawnscanner.gemspec
 - doc/dawn_1_0_announcement.md
@@ -723,7 +724,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
       version: '0'
 requirements: []
 rubyforge_project:
-rubygems_version: 2.4.8
+rubygems_version: 2.5.1
 signing_key:
 specification_version: 4
 summary: Dawnscanner is a security source code scanner for ruby powered code. It is

metadata.gz.sig CHANGED

Binary file