Use optimistic version constraint for Rails-related CVEs

Daniel Carral · Daniel Carral · commit 81cf4b287899 · 2016-03-09T20:51:29.000+01:00
Fix issues #244 & #140 following the approach @reedloden applied @ 782f008 The idea is to white-list the recently released v4.2.6 Rails version.
diff --git a/gems/actionpack/CVE-2015-7576.yml b/gems/actionpack/CVE-2015-7576.yml
@@ -111,6 +111,6 @@ description: |
 
 patched_versions:
   - "~> 5.0.0.beta1.1"
-  - "~> 4.2.5.1" 
+  - ">= 4.2.5.1"
   - "~> 4.1.14.1"
   - "~> 3.2.22.1"
diff --git a/gems/actionpack/CVE-2015-7581.yml b/gems/actionpack/CVE-2015-7581.yml
@@ -51,5 +51,5 @@ unaffected_versions:
   - ">= 5.0.0.beta1"
 
 patched_versions:
-  - "~> 4.2.5.1" 
+  - ">= 4.2.5.1"
   - "~> 4.1.14.1"
diff --git a/gems/actionpack/CVE-2016-0751.yml b/gems/actionpack/CVE-2016-0751.yml
@@ -66,6 +66,6 @@ description: |
 
 patched_versions:
   - "~> 5.0.0.beta1.1"
-  - "~> 4.2.5.1" 
+  - ">= 4.2.5.1"
   - "~> 4.1.14.1"
   - "~> 3.2.22.1"
diff --git a/gems/actionview/CVE-2016-0752.yml b/gems/actionview/CVE-2016-0752.yml
@@ -87,6 +87,6 @@ description: |
 
 patched_versions:
   - "~> 5.0.0.beta1.1"
-  - "~> 4.2.5.1" 
+  - ">= 4.2.5.1"
   - "~> 4.1.14.1"
   - "~> 3.2.22.1"
diff --git a/gems/activemodel/CVE-2016-0753.yml b/gems/activemodel/CVE-2016-0753.yml
@@ -88,5 +88,5 @@ unaffected_versions:
 
 patched_versions:
   - "~> 5.0.0.beta1.1"
-  - "~> 4.2.5.1" 
+  - ">= 4.2.5.1"
   - "~> 4.1.14.1"
diff --git a/gems/activerecord/CVE-2015-7577.yml b/gems/activerecord/CVE-2015-7577.yml
@@ -102,6 +102,6 @@ unaffected_versions:
 
 patched_versions:
   - "~> 5.0.0.beta1.1"
-  - "~> 4.2.5.1" 
+  - ">= 4.2.5.1"
   - "~> 4.1.14.1"
   - "~> 3.2.22.1"
