From 610f39e991a8468a92af13bf2f8265b9c0221786 Mon Sep 17 00:00:00 2001
From: Dennis Schubert
Date: Wed, 29 Mar 2017 22:25:18 +0200
Subject: [PATCH] Bump nokogiri for a security release
---
 Changelog.md | 4 ++++
 Gemfile | 2 +-
 Gemfile.lock | 4 ++--
 3 files changed, 7 insertions(+), 3 deletions(-)
diff --git a/Changelog.md b/Changelog.md
index b360d79b8..e32666734 100644
--- a/Changelog.md
+++ b/Changelog.md
@@ -1,3 +1,7 @@
+# 0.6.4.1
+
+Fixes a possible Remote Code Execution ([CVE-2016-4658](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4658)) and a possible DoS ([CVE-2016-5131](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5131)) by updating Nokogiri, which in turn updates libxml2.
+
 # 0.6.4.0
 ## Refactor
diff --git a/Gemfile b/Gemfile
index aa5951a1f..6db6ec2c8 100644
--- a/Gemfile
+++ b/Gemfile
@@ -132,7 +132,7 @@ gem "leaflet-rails", "0.7.7" # Parsing
-gem "nokogiri", "1.7.0.1"
+gem "nokogiri", "1.7.1"
 gem "open_graph_reader", "0.6.2" # also update User-Agent in features/support/webmock.rb
 gem "redcarpet", "3.4.0"
 gem "ruby-oembed", "0.10.1"
diff --git a/Gemfile.lock b/Gemfile.lock
index 562226990..880e2415f 100644
--- a/Gemfile.lock
+++ b/Gemfile.lock
@@ -395,7 +395,7 @@ GEM
 nenv (0.3.0)
 nested_form (0.3.2)
 nio4r (2.0.0)
- nokogiri (1.7.0.1)
+ nokogiri (1.7.1)
 mini_portile2 (~> 2.1.0)
 notiffany (0.1.1)
 nenv (~> 0.1)
@@ -845,7 +845,7 @@ DEPENDENCIES
 minitest
 mobile-fu (= 1.3.1)
 mysql2 (= 0.4.5)
- nokogiri (= 1.7.0.1)
+ nokogiri (= 1.7.1)
 omniauth (= 1.4.2)
 omniauth-facebook (= 4.0.0)
 omniauth-tumblr (= 1.2)