rails-security-backports 0.0.2 → 0.0.3

@@ -1,6 +1,10 @@
1
1
  # Change Log
2
2
  All notable changes to this project will be documented in this file.
3
3
 
4
+ ## 0.0.3 - 2015-01-22
5
+ ### Added
6
+ - Ruby: CVE-2014-8090
7
+
4
8
  ## 0.0.2 - 2014-11-03
5
9
  ### Changed
6
10
  - require rake 0.9.2 specifically, for full Ruby 1.8.6 compatibility
@@ -1,7 +1,7 @@
1
1
  PATH
2
2
  remote: .
3
3
  specs:
4
- rails-security-backports (0.0.2)
4
+ rails-security-backports (0.0.3)
5
5
 
6
6
  GEM
7
7
  remote: https://rubygems.org/
@@ -0,0 +1,13 @@
1
+ # Fixes CVE-2014-8090 - https://www.ruby-lang.org/en/news/2014/11/13/rexml-dos-cve-2014-8090/
2
+
3
+ require 'rexml/document'
4
+
5
+ module REXML
6
+ class Document
7
+
8
+ def document
9
+ self
10
+ end
11
+
12
+ end
13
+ end
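Review bot: Nothing in this file limits entity expansion by itself. The only change is that `REXML::Document#document` returns `self`, so the protection depends on other REXML code calling `document` and counting expansions there. The comment in the accompanying test suggests that code is the cve-2008-3790 backport, but this file neither loads it nor mentions it. If that reading is right, I would state the dependency above the method, e.g. `# Lets entity expansions be recorded on the Document itself; the limit check lives in cve-2008-3790.rb, which must also be loaded.` The gem's entry file is not shown here, so it is also worth confirming that it loads both patches.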
@@ -2,7 +2,7 @@ module RailsSecurityBackports
2
2
  class Version
3
3
  MAJOR = 0
4
4
  MINOR = 0
5
- PATCH = 2
5
+ PATCH = 3
6
6
  STRING = "#{MAJOR}.#{MINOR}.#{PATCH}"
7
7
 
8
8
  class << self
@@ -0,0 +1,13 @@
1
+ require 'test/unit'
2
+ require 'rails-security-backports'
3
+
4
+ class RubyCve_2014_8090Test < Test::Unit::TestCase
5
+
6
+ # Unfortunately I was not able to find the test-case where this vulnerability exists.
7
+ # In my testing, the patch for ruby-cve-2008-3790 offered sufficient protection
8
+ # and also very closely matches the change in `REXML::Entity between 1.9.3-p484 & p551.
9
+ def test_no_tests_available
10
+ assert(true)
11
+ end
12
+
13
+ end
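Review bot: `test_no_tests_available` passes whether or not the backport is loaded, so the suite gives no signal if the patch file is dropped from the load path or overridden by another REXML patch. Even without a reproducer, the test can pin what the patch actually changes: `doc = REXML::Document.new('<a/>')` followed by `assert_same(doc, doc.document)`. A second test asserting that a document exceeding REXML's entity expansion limit raises would cover the behaviour the CVE is about. It could reuse whatever fixture the cve-2008-3790 test has, if one exists.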
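--- a/metadata
+++ b/metadata
@@ -1,13 +1,13 @@
  --- !ruby/object:Gem::Specification
  name: rails-security-backports
  version: !ruby/object:Gem::Version
- hash: 27
+ hash: 25
  prerelease:
  segments:
  - 0
  - 0
- - 2
- version: 0.0.2
+ - 3
+ version: 0.0.3
  platform: ruby
  authors:
  - Marcos Wright Kuhns
@@ -70,10 +70,12 @@ files:
  - lib/rails-security-backports/rails-cve-backports/cve-2013-0277.rb
  - lib/rails-security-backports/ruby-cve-backports/cve-2008-3790.rb
  - lib/rails-security-backports/ruby-cve-backports/cve-2014-8080.rb
+ - lib/rails-security-backports/ruby-cve-backports/cve-2014-8090.rb
  - lib/rails-security-backports/version.rb
  - rails-security-backports.gemspec
  - test/ruby-cve-2008-3790_test.rb
  - test/ruby-cve-2014-8080_test.rb
+ - test/ruby-cve-2014-8090_test.rb
  has_rdoc: true
  homepage: https://github.com/metavida/rails-security-backports
  licenses:
@@ -83,7 +85,7 @@ rdoc_options:
  - --main
  - README.rdoc
  - --title
- - rails-security-backports-0.0.2
+ - rails-security-backports-0.0.3
  - --inline-source
  - --exclude
  - tasks
@@ -118,3 +120,4 @@ summary: Backports of security patches for Ruby & Rails
  test_files:
  - test/ruby-cve-2008-3790_test.rb
  - test/ruby-cve-2014-8080_test.rb
+ - test/ruby-cve-2014-8090_test.rb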