oss-sec mailing list archives

Amended Patches for CVE-2014-3483 for Rails 4.x


From: Rafael Mendonça França <rafaelmfranca () gmail com>
Date: Wed, 2 Jul 2014 16:54:51 -0300

The original patches introduced a regression in the PostgreSQL Range
feature. This regression was only introduced in Rails 4.x; Rails 3.2 users
are not impacted.

I'm including a new version of the patches and an incremental version that
can be applied atop the previous patches.

* 4-1-postgres-sqli-amended.patch - Amended Patch for 4.1.2.
* 4-0-postgres-sqli-amended.patch - Amended Patch for 4.0.6.
* 4-1-postgres-sqli-incremental.patch - Incremental Patch for 4.1.3.
* 4-0-postgres-sqli-incremental.patch - Incremental Patch for 4.0.7.

Rafael Mendonça França
http://twitter.com/rafaelfranca
https://github.com/rafaelfranca

Attachment: 4-0-postgres-sqli-amended.patch
Attachment: 4-1-postgres-sqli-amended.patch
Attachment: 4-0-postgres-sqli-incremental.patch
Attachment: 4-1-postgres-sqli-incremental.patch
