From 84440465401672a7af2fd8b6f9d8d9d5ea2f0dc8 Mon Sep 17 00:00:00 2001
From: Willem de Groot
Date: Mon, 28 Sep 2015 04:34:20 +0200
Subject: [PATCH 1/3] Limited scope of aw_blog SQL injection bug. As was established by my colleagues who tested and downloaded all AW Blog versions <= 1.3.10. https://www.byte.nl/blog/lek-aheadworks-blog-extensie-voor-magento
---
 connect20/aw_blog/CVE-2015-3428.yaml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/connect20/aw_blog/CVE-2015-3428.yaml b/connect20/aw_blog/CVE-2015-3428.yaml
index 78c7a6a..38e5b26 100644
--- a/connect20/aw_blog/CVE-2015-3428.yaml
+++ b/connect20/aw_blog/CVE-2015-3428.yaml
@@ -4,5 +4,5 @@ cve: CVE-2015-3428
 branches:
 1.x:
 time: 2015-05-27 12:00:00
- versions: [<1.3]
+ versions: [1.3.8,1.3.9]
 reference: composer://connect20/aw_blog
From 01b1464d48411ea96aa725b8ecb9df2d86b3ed3c Mon Sep 17 00:00:00 2001
From: Willem de Groot
Date: Mon, 28 Sep 2015 04:49:02 +0200
Subject: [PATCH 2/3] Fixed syntax error
---
 connect20/aw_blog/CVE-2015-3428.yaml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/connect20/aw_blog/CVE-2015-3428.yaml b/connect20/aw_blog/CVE-2015-3428.yaml
index 38e5b26..4b67570 100644
--- a/connect20/aw_blog/CVE-2015-3428.yaml
+++ b/connect20/aw_blog/CVE-2015-3428.yaml
@@ -4,5 +4,5 @@ cve: CVE-2015-3428
 branches:
 1.x:
 time: 2015-05-27 12:00:00
- versions: [1.3.8,1.3.9]
+ versions: [>=1.3.9,<1.3.10]
 reference: composer://connect20/aw_blog
From bef78f1f2d8a345a43458ce01d8aa0c2d1137c6d Mon Sep 17 00:00:00 2001
From: Willem de Groot
Date: Mon, 28 Sep 2015 04:51:45 +0200
Subject: [PATCH 3/3] 1.3.9 => 1.3.8
---
 connect20/aw_blog/CVE-2015-3428.yaml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/connect20/aw_blog/CVE-2015-3428.yaml b/connect20/aw_blog/CVE-2015-3428.yaml
index 4b67570..5517117 100644
--- a/connect20/aw_blog/CVE-2015-3428.yaml
+++ b/connect20/aw_blog/CVE-2015-3428.yaml
@@ -4,5 +4,5 @@ cve: CVE-2015-3428
 branches:
 1.x:
 time: 2015-05-27 12:00:00
- versions: [>=1.3.9,<1.3.10]
+ versions: [>=1.3.8,<1.3.10]
 reference: composer://connect20/aw_blog
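Review bot: The added `versions: [>=1.3.8,<1.3.10]` line leaves its constraints unquoted, and a plain YAML scalar may not begin with the `>` indicator, so a strict parser can reject the advisory while a lenient one accepts it; the same form first appears in the 2/3 hunk. Quoting each entry removes the ambiguity: `versions: ['>=1.3.8', '<1.3.10']`. Because this series narrows the affected range, an advisory that fails to load or carries a wrong bound means vulnerable installs go unreported. The commit message says versions `<= 1.3.10` were tested while the constraint excludes 1.3.10, so it is worth confirming that 1.3.10 is the fixed release and recording it in a comment above the line, e.g. `# 1.3.8 and 1.3.9 confirmed affected; fixed in 1.3.10 (see linked byte.nl post)`.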