Date: Wed, 2 Jul 2014 16:54:51 -0300 From: Rafael Mendonça França <rafaelmfranca@...il.com> To: rubyonrails-security@...glegroups.com, ruby-security-ann@...glegroups.com, oss-security@...ts.openwall.com Subject: Amended Patches for CVE-2014-3483 for Rails 4.x The original patches introduced a regression on the PostgreSQL Range feature. This regression was only introduced to Rails 4.x. Rails 3.2 users are not impacted. I'm including a new version of the patches and an incremental version that can be applied atop the previous patches. * 4-1-postgres-sqli-amended.patch - Amended Patch for 4.1.2. * 4-0-postgres-sqli-amended.patch - Amended Patch for 4.0.6. * 4-1-postgres-sqli-incremental.patch - Incremental Patch for 4.1.3. * 4-0-postgres-sqli-incremental.patch - Incremental Patch for 4.0.7. Rafael Mendonça França http://twitter.com/rafaelfranca https://github.com/rafaelfranca Content of type "text/html" skipped Download attachment "4-0-postgres-sqli-amended.patch" of type "application/octet-stream" (4367 bytes) Download attachment "4-1-postgres-sqli-amended.patch" of type "application/octet-stream" (4556 bytes) Download attachment "4-0-postgres-sqli-incremental.patch" of type "application/octet-stream" (3031 bytes) Download attachment "4-1-postgres-sqli-incremental.patch" of type "application/octet-stream" (3078 bytes)
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.