diff --git a/gems/actionpack/CVE-2023-22792.yml b/gems/actionpack/CVE-2023-22792.yml
index 2eec40f528..0e38c99a9d 100644
--- a/gems/actionpack/CVE-2023-22792.yml
+++ b/gems/actionpack/CVE-2023-22792.yml
@@ -12,7 +12,7 @@ description: |
 Versions Affected: >= 3.0.0
 Not affected: < 3.0.0
- Fixed Versions: 6.1.7.1, 7.0.4.1
+ Fixed Versions: 5.2.8.15 (Rails LTS), 6.1.7.1, 7.0.4.1
 # Impact
@@ -32,5 +32,6 @@ description: |
 unaffected_versions:
 - "< 3.0.0"
 patched_versions:
+- "~> 5.2.8, >= 5.2.8.15" # Rails LTS
 - "~> 6.1.7, >= 6.1.7.1"
 - ">= 7.0.4.1"
diff --git a/gems/actionpack/CVE-2023-22795.yml b/gems/actionpack/CVE-2023-22795.yml
index fb15536452..d8ceac4023 100644
--- a/gems/actionpack/CVE-2023-22795.yml
+++ b/gems/actionpack/CVE-2023-22795.yml
@@ -12,7 +12,7 @@ description: |-
 Versions Affected: All
 Not affected: None
- Fixed Versions: 6.1.7.1, 7.0.4.1
+ Fixed Versions: 5.2.8.15 (Rails LTS), 6.1.7.1, 7.0.4.1
 # Impact
@@ -32,5 +32,6 @@ description: |-
 Users on Ruby 3.2.0 or greater are not affected by this vulnerability.
 patched_versions:
+- "~> 5.2.8, >= 5.2.8.15" # Rails LTS
 - "~> 6.1.7, >= 6.1.7.1"
 - ">= 7.0.4.1"
diff --git a/gems/activerecord/CVE-2022-44566.yml b/gems/activerecord/CVE-2022-44566.yml
index 57bf61caad..9666bfe069 100644
--- a/gems/activerecord/CVE-2022-44566.yml
+++ b/gems/activerecord/CVE-2022-44566.yml
@@ -13,7 +13,7 @@ description: |
 Versions Affected: All.
 Not affected: None.
- Fixed Versions: 7.0.4.1, 6.1.7.1
+ Fixed Versions: 5.2.8.15 (Rails LTS), 6.1.7.1, 7.0.4.1
 # Impact
@@ -28,5 +28,6 @@ description: |
 Ensure that user supplied input which is provided to ActiveRecord clauses do not contain integers wider than a signed 64bit representation or floats.
 patched_versions:
+- "~> 5.2.8, >= 5.2.8.15" # Rails LTS
 - "~> 6.1.7, >= 6.1.7.1"
 - ">= 7.0.4.1"
diff --git a/gems/activesupport/CVE-2023-22796.yml b/gems/activesupport/CVE-2023-22796.yml
index 68bf20d682..778e972c11 100644
--- a/gems/activesupport/CVE-2023-22796.yml
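Review bot: The new `patched_versions` entry `"~> 5.2.8, >= 5.2.8.15"` in the second hunk of gems/actionpack/CVE-2023-22792.yml matches on version number alone, although the `# Rails LTS` comment suggests the fix ships only in that distribution. The same entry is added in actionpack/CVE-2023-22795.yml, activerecord/CVE-2022-44566.yml and activesupport/CVE-2023-22796.yml. Any gem reporting 5.2.8.15 or later within 5.2.x would be treated as patched whatever its source, so it is worth confirming that this version range can only come from Rails LTS builds. The visible hunks give no reference for the 5.2.8.15 fix; unless the files already link one outside these lines, I would add the Rails LTS release note to the advisory's references so the claim can be verified. Only the 5.2 series is listed even though the descriptions give the affected range as `>= 3.0.0` or all versions, so older LTS series that carry the fix, if any exist, would presumably still be reported as vulnerable.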
+++ b/gems/activesupport/CVE-2023-22796.yml
@@ -12,7 +12,7 @@ description: |-
 Versions Affected: All
 Not affected: None
- Fixed Versions: 6.1.7.1, 7.0.4.1
+ Fixed Versions: 5.2.8.15 (Rails LTS), 6.1.7.1, 7.0.4.1
 # Impact
@@ -34,5 +34,6 @@ description: |-
 Users on Ruby 3.2.0 or greater may be able to reduce the impact by configuring Regexp.timeout.
 patched_versions:
+- "~> 5.2.8, >= 5.2.8.15" # Rails LTS
 - "~> 6.1.7, >= 6.1.7.1"
 - ">= 7.0.4.1"