author | swills <swills@FreeBSD.org> | 2012-08-10 10:50:53 +0800 |
---|---|---|
committer | swills <swills@FreeBSD.org> | 2012-08-10 10:50:53 +0800 |
commit | e58bf4d17a49e2080c1b2cebeb8ab2740a944342 (patch) | |
tree | decccec25f76556cf3945f6d047c17c68bef6ae2 /security | |
parent | 1759c23966ac2f20a2a0033263b4473f6364df82 (diff) | |
- Update rails and friends to 3.2.8
- Document security issue in 3.2.7 [1]
Submitted by: bdrewery [1]
Reviewed by: swills [1]
Security: 31db9a18-e289-11e1-a57d-080027a27dbf
Diffstat (limited to 'security')
-rw-r--r-- | security/vuxml/vuln.xml | 45 |
1 files changed, 45 insertions, 0 deletions
diff --git a/security/vuxml/vuln.xml b/security/vuxml/vuln.xml index 0df00e6b0d3f..767df7e8dabb 100644 --- a/security/vuxml/vuln.xml +++ b/security/vuxml/vuln.xml 
@@ -52,6 +52,51 @@ Note: Please add new entries to the beginning of this file. --> <vuxml xmlns="http://www.vuxml.org/apps/vuxml-1"> + <vuln vid="31db9a18-e289-11e1-a57d-080027a27dbf"> + <topic>rubygem-rails -- multiple vulnerabilities</topic> + <affects> + <package> + <name>rubygem-rails</name> + <range><lt>3.2.8</lt></range> + </package> + <package> + <name>rubygem-actionpack</name> + <range><lt>3.2.8</lt></range> + </package> + <package> + <name>rubygem-activesupport</name> + <range><lt>3.2.8</lt></range> + </package> + </affects> + <description> + <body xmlns="http://www.w3.org/1999/xhtml"> + <p>Rails core team reports:</p> + <blockquote cite="http://weblog.rubyonrails.org/2012/8/9/ann-rails-3-2-8-has-been-released/"> + <p>This version contains three important security fixes, please upgrade immediately.</p> + <p>One of security fixes impacts all users and is related to HTML escaping code. The + other two fixes impacts people using select_tag's prompt option and strip_tags + helper from ActionPack.</p> + <p>CVE-2012-3463 Potential XSS Vulnerability in select_tag prompt.</p> + <p>CVE-2012-3464 Potential XSS Vulnerability in the HTML escaping code.</p> + <p>CVE-2012-3465 XSS Vulnerability in strip_tags.</p> + </blockquote> + </body> + </description> + <references> + <cvename>CVE-2012-3463</cvename> + <cvename>CVE-2012-3464</cvename> + <cvename>CVE-2012-3465</cvename> + <url>https://groups.google.com/d/msg/rubyonrails-security/fV3QUToSMSw/eHBSFOUYHpYJ</url> + <url>https://groups.google.com/d/msg/rubyonrails-security/kKGNeMrnmiY/r2yM7xy-G48J</url> + <url>https://groups.google.com/d/msg/rubyonrails-security/FgVEtBajcTY/tYLS1JJTu38J</url> + <url>http://weblog.rubyonrails.org/2012/8/9/ann-rails-3-2-8-has-been-released/</url> + </references> + <dates> + <discovery>2012-08-08</discovery> + <entry>2012-08-10</entry> + </dates> + </vuln> + <vuln vid="8675efd5-e22c-11e1-a808-002354ed89bc"> <topic>sudosh -- buffer overflow</topic> <affects> |
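
Review bot: the three `<range><lt>3.2.8</lt></range>` elements in the new `<affects>` block have no lower bound, so every earlier version of rubygem-rails, rubygem-actionpack and rubygem-activesupport matches, while the cited announcement is specifically the 3.2.8 release note. If any of the three CVEs only applies from a certain version onward, add a `<ge>` to the matching range so older installs are not flagged by mistake; if the open range is intended, a word in the commit message would record that. The blockquote also ties select_tag and strip_tags to ActionPack but does not say which package carries the HTML escaping code, so a short sentence in `<description>` explaining why rubygem-activesupport is listed would help readers of the entry.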