Bug 1313832
| Summary: | Upgrade rails to 4.1.14.2 | | |
|---|---|---|---|
| Product: | Red Hat Satellite | Reporter: | Tomer Brisker <tbrisker> |
| Component: | Provisioning | Assignee: | Tomer Brisker <tbrisker> |
| Status: | CLOSED ERRATA | QA Contact: | sthirugn <sthirugn> |
| Severity: | medium | Docs Contact: | |
| Priority: | unspecified | | |
| Version: | 6.0.4 | CC: | bbuckingham, cwelton, ehelms, sthirugn |
| Target Milestone: | Unspecified | Keywords: | Triaged |
| Target Release: | Unused | | |
| Hardware: | Unspecified | | |
| OS: | Unspecified | | |
| URL: | http://projects.theforeman.org/issues/13977 | | |
| Whiteboard: | | | |
| Fixed In Version: | x | Doc Type: | Bug Fix |
| Doc Text: | | Story Points: | --- |
| Clone Of: | | Environment: | |
| Last Closed: | 2016-07-27 09:03:49 UTC | Type: | --- |
Description
Tomer Brisker
2016-03-02 12:23:39 UTC
Created from redmine issue http://projects.theforeman.org/issues/13977

Failed in satellite-6.2.0-6.2.beta.el7sat.noarch

Version found in this install is rh-ror41-rubygem-rails-4.1.5-3.el7.noarch

I don't find the CVEs (CVE-2016-2097, CVE-2016-2098) mentioned in this bug in the changelog:

    # rpm -q --changelog rh-ror41-rubygem-rails | grep CVE
    - New version (fixes CVE-2008-4094)

Upstream bug component is Provisioning

Looks like the rails packaging has not been updated to use the correct version that is set in the gemfile.
See also my comment on https://bugzilla.redhat.com/show_bug.cgi?id=1325632
Eric - any idea why this happened?

Upstream bug assigned to tbrisker

Upstream bug component is Provisioning

These CVEs have been applied in a different gem (one of rails' dependencies) - rh-ror41-rubygem-actionview
Please retest.

Verified in satellite-6.2.0-7.0.beta.el7sat.noarch

    # rpm -q --changelog rh-ror41-rubygem-actionview | grep CVE
    Resolves: CVE-2016-2097
    Resolves: CVE-2016-2098
    - Resolves: CVE-2016-0752

Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA.

For information on the advisory, and where to find the updated files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHBA-2016:1500
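
The check in this thread first failed because the fix was recorded in a dependency's changelog rather than in the rails package. The script below is an added example, not part of the original bug report: it searches a list of packages for each CVE and reports which one carries the fix. The function names and the `CHANGELOG_CMD` override are assumptions made for the example, and the sample changelog is constructed from the output quoted above.

```shell
#!/bin/sh
# Added example. Command that prints a package changelog; override it to run
# against captured text instead of the live RPM database.
CHANGELOG_CMD=${CHANGELOG_CMD:-"rpm -q --changelog"}

# Constructed sample modelled on the output quoted in this bug, for offline
# use: set CHANGELOG_CMD=sample_changelog
sample_changelog() {
    case $1 in
        rh-ror41-rubygem-rails)
            echo "- New version (fixes CVE-2008-4094)" ;;
        rh-ror41-rubygem-actionview)
            echo "Resolves: CVE-2016-2097"
            echo "Resolves: CVE-2016-2098"
            echo "- Resolves: CVE-2016-0752" ;;
        *) return 1 ;;
    esac
}

# packages_fixing CVE PKG...: print each package whose changelog names CVE.
# -w keeps CVE-2016-209 from matching CVE-2016-2097; -F disables regex.
packages_fixing() {
    cve=$1; shift
    for pkg in "$@"; do
        if $CHANGELOG_CMD "$pkg" 2>/dev/null | grep -qwF -e "$cve"; then
            printf '%s\n' "$pkg"
        fi
    done
}

# audit_cves "CVE..." PKG...: one line per CVE; non-zero exit status if any
# CVE is absent from every listed changelog.
audit_cves() {
    cves=$1; shift
    missing=0
    for c in $cves; do
        hits=$(packages_fixing "$c" "$@" | tr '\n' ' ')
        if [ -n "$hits" ]; then
            printf '%s: %s\n' "$c" "${hits% }"
        else
            printf '%s: NOT FOUND\n' "$c"
            missing=1
        fi
    done
    return "$missing"
}
```

On an installed system, leave `CHANGELOG_CMD` at its default and call `audit_cves "CVE-2016-2097 CVE-2016-2098" rh-ror41-rubygem-rails rh-ror41-rubygem-actionview`, extending the package list with whichever dependency packages are installed.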