Add patched version for CVE-2013-1656 #702
Open
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
postmodern
requested changes
Aug 29, 2023
postmodern
requested changes
Aug 29, 2023
| @@ -22,3 +22,4 @@ patched_versions: | |||
| related: | |||
| url: | |||
| - https://spreecommerce.com/blog/multiple-security-vulnerabilities-fixed | |||
| - https://github.com/spree/spree/commit/70092eb55b8be8fe5d21a7658b62da658612fba7 | |||
There was a problem hiding this comment.
Suggested change
| - https://github.com/spree/spree/commit/70092eb55b8be8fe5d21a7658b62da658612fba7 | |
| - https://github.com/spree/spree/commit/70092eb55b8be8fe5d21a7658b62da658612fba7 |
There was a problem hiding this comment.
I think your editor is automatically adding the newline.
There was a problem hiding this comment.
@v0lck3r GitHub isn't allowing me to use the Suggested change. GitHub is claiming there is no difference between them, even though it's supposed to remove the last newline.
There was a problem hiding this comment.
@postmodern yeah I have no idea why is that !
There was a problem hiding this comment.
@postmodern tbh I see no extra line. the file is still 25 lines total after adding the new reference, compared to the 24 lines in the original file .
Can you double check please !
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Based on the following commit, which was found here, the patched version is
2.0.0.rc1.Aslo versions after
1.3.2and before2.0.0.rc1(aka1.3.3,1.3.4and1.3.5) do not contain updates for the files concerned (See for example payment_methods_controller.rb where the last update dates back to 2012, i.e. before the vulnerability was patched). Thus, we can say that the patched version is2.0.0.rc1with a certain confidence.