Closed ethnt closed 11 years ago
Running bundle-audit returns:
bundle-audit
Name: json
Version: 1.7.5
CVE: 2013-0269
Criticality: High
URL: http://direct.osvdb.org/show/osvdb/90074
Title: Ruby on Rails JSON Gem Arbitrary Symbol Creation Remote DoS
Solution: upgrade to ~> 1.5.4, ~> 1.6.7, >= 1.7.7

Name: mail
Version: 2.3.3
CVE: 2012-2140
Criticality: High
URL: http://www.osvdb.org/show/osvdb/81632
Title: Mail Gem for Ruby Multiple Delivery Method Remote Shell Command Executio
Solution: upgrade to >= 2.4.4

Name: mail
Version: 2.3.3
CVE: 2012-2139
Criticality: Medium
URL: http://www.osvdb.org/show/osvdb/81631
Title: Mail Gem for Ruby File Delivery Method to Parameter Traversal Arbitrary File Manipulation
Solution: upgrade to >= 2.4.4

Name: rack
Version: 1.4.1
CVE: 2013-0263
Criticality: High
URL: http://osvdb.org/show/osvdb/89939
Title: Rack Rack::Session::Cookie Function Timing Attack Remote Code Execution
Solution: upgrade to ~> 1.1.6, ~> 1.2.8, ~> 1.3.10, ~> 1.4.5, >= 1.5.2

Unpatched versions found!
Still need to pull in changes in production.