Diffstat (limited to 'rubygem-actionpack.spec')
-rw-r--r--rubygem-actionpack.spec16
1 files changed, 15 insertions, 1 deletions
diff --git a/rubygem-actionpack.spec b/rubygem-actionpack.spec
index 61e6799..b76cdd8 100644
--- a/rubygem-actionpack.spec
+++ b/rubygem-actionpack.spec
@@ -7,7 +7,7 @@ Summary: Web-flow and rendering framework putting the VC in MVC
Name: rubygem-%{gem_name}
Epoch: 1
Version: 3.0.11
-Release: 1%{?dist}
+Release: 2%{?dist}
Group: Development/Languages
License: MIT
URL: http://www.rubyonrails.org
@@ -36,6 +36,14 @@ Patch2: actionpack-tests-fix.patch
Patch3: actionpack-downgrade-dependencies.patch
+# Fixes CVE-2012-1098
+# https://bugzilla.redhat.com/show_bug.cgi?id=799275
+Patch4: actionpack-safe-buffer-slice-fix.patch
+
+# Fixes CVE-2012-1099
+# https://bugzilla.redhat.com/show_bug.cgi?id=799276
+Patch5: actionpack-select-options-XSS-fix.patch
+
Requires: ruby(rubygems)
Requires: rubygem(activesupport) = %{version}
Requires: rubygem(activemodel) = %{version}
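Review bot: The `Requires: rubygem(activesupport) = %{version}` line just below the new Patch4/Patch5 entries pins only the version, so this 3.0.11-2 build can be installed next to any 3.0.11 build of activesupport. SafeBuffer is, as far as I know, defined in ActiveSupport rather than ActionPack, so if the upstream change for CVE-2012-1098 also touches that gem, patching actionpack alone would leave the slicing fix incomplete. The patch contents are not visible here, so this needs confirming against the upstream commit. If the fix is split, a comment above Patch4 such as `# ActiveSupport part of CVE-2012-1098 is carried in rubygem-activesupport` would record it. Naming the upstream commit each patch was taken from, next to the Bugzilla links, would make later audits easier.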
@@ -94,6 +102,8 @@ pushd .%{gem_instdir}
%patch0 -p0
%patch1 -p0
%patch2 -p0
+%patch4 -p2
+%patch5 -p2
# create missing symlink
pushd test/fixtures/layout_tests/layouts/
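Review bot: `%patch4 -p2` and `%patch5 -p2` use a different strip level from the `-p0` of the three patches above them, and nothing in the spec says why. Presumably both files are unmodified upstream git diffs rooted at `a/actionpack/`; a line such as `# upstream git diffs (a/actionpack/...), hence -p2` before them would document that. Because these are security patches applied inside the unpacked gem directory, it is worth checking the build log to confirm that every hunk applied without fuzz or offset. `%patch3` is not applied in the visible lines; it may be applied elsewhere in %prep, which continues outside the hunk.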
@@ -165,6 +175,10 @@ rake test --trace
%changelog
+* Tue Mar 06 2012 Bohuslav Kabrda <bkabrda@redhat.com> - 1:3.0.11-2
+- Fix for CVE-2012-1098.
+- Fix for CVE-2012-1099.
+
* Tue Jan 31 2012 Bohuslav Kabrda <bkabrda@redhat.com> - 1:3.0.11-1
- Rebuilt for Ruby 1.9.3.
- Updated to ActionPack 3.0.11.