Name: nokogiri

Version: 1.6.6.1
Advisory: CVE-2015-1819
Criticality: Unknown
URL: sparklemotion/nokogiri#1374
Title: Nokogiri gem contains several vulnerabilities in libxml2 and libxslt
Solution: upgrade to ~> 1.6.6.4, >= 1.6.7.rc4

Name: nokogiri
Version: 1.6.6.1
Advisory: CVE-2015-8806
Criticality: Unknown
URL: sparklemotion/nokogiri#1473
Title: Denial of service or RCE from libxml2 and libxslt
Solution: upgrade to >= 1.6.8

Name: nokogiri
Version: 1.6.6.1
Advisory: CVE-2015-7499
Criticality: Medium
URL: https://groups.google.com/forum/#!topic/ruby-security-ann/Dy7YiKb_pMM
Title: Nokogiri gem contains a heap-based buffer overflow vulnerability in libxml2
Solution: upgrade to >= 1.6.7.2

Name: nokogiri
Version: 1.6.6.1
Advisory: CVE-2015-5312
Criticality: High
URL: https://groups.google.com/forum/#!topic/ruby-security-ann/aSbgDiwb24s
Title: Nokogiri gem contains several vulnerabilities in libxml2
Solution: upgrade to >= 1.6.7.1

Gemfile.lock

@@ -184,7 +184,7 @@ GEM
       ambry (~> 0.3.0)
     method_source (0.8.2)
     mime-types (2.99.3)
-    mini_portile (0.6.2)
+    mini_portile2 (2.1.0)
     minitest (5.8.3)
     mongoid (4.0.2)
       activemodel (~> 4.0)
@@ -219,8 +219,9 @@ GEM
     nested_form (0.3.2)
     netrc (0.11.0)
     ng-rails-csrf (0.1.0)
-    nokogiri (1.6.6.1)
-      mini_portile (~> 0.6.0)
+    nokogiri (1.6.8)
+      mini_portile2 (~> 2.1.0)
+      pkg-config (~> 1.1.7)
     optionable (0.2.0)
     origin (2.1.1)
     orm_adapter (0.5.0)
@@ -233,6 +234,7 @@ GEM
       ast (>= 1.1, < 3.0)
     patron (0.4.18)
     phantomjs (1.9.8.0)
+    pkg-config (1.1.7)
     poltergeist (1.5.1)
       capybara (~> 2.1)
       cliver (~> 0.3.1)