From e58bf4d17a49e2080c1b2cebeb8ab2740a944342 Mon Sep 17 00:00:00 2001 From: swills Date: Fri, 10 Aug 2012 02:50:53 +0000 Subject: - Update rails and friends to 3.2.8 - Document security issue in 3.2.7 [1] Submitted by: bdrewery [1] Reviewed by: swills [1] Security: 31db9a18-e289-11e1-a57d-080027a27dbf --- security/vuxml/vuln.xml | 45 +++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 45 insertions(+) (limited to 'security') diff --git a/security/vuxml/vuln.xml b/security/vuxml/vuln.xml index 0df00e6b0d3f..767df7e8dabb 100644 --- a/security/vuxml/vuln.xml +++ b/security/vuxml/vuln.xml @@ -52,6 +52,51 @@ Note: Please add new entries to the beginning of this file. --> + + rubygem-rails -- multiple vulnerabilities + + + rubygem-rails + 3.2.8 + + + rubygem-actionpack + 3.2.8 + + + rubygem-activesupport + 3.2.8 + + + + +

Rails core team reports:

+
+

This version contains three important security fixes, please upgrade immediately.

+

One of security fixes impacts all users and is related to HTML escaping code. The + other two fixes impacts people using select_tag's prompt option and strip_tags + helper from ActionPack.

+

CVE-2012-3463 Potential XSS Vulnerability in select_tag prompt.

+

CVE-2012-3464 Potential XSS Vulnerability in the HTML escaping code.

+

CVE-2012-3465 XSS Vulnerability in strip_tags.

+
+ +
+ + CVE-2012-3463 + CVE-2012-3464 + CVE-2012-3465 + https://groups.google.com/d/msg/rubyonrails-security/fV3QUToSMSw/eHBSFOUYHpYJ + https://groups.google.com/d/msg/rubyonrails-security/kKGNeMrnmiY/r2yM7xy-G48J + https://groups.google.com/d/msg/rubyonrails-security/FgVEtBajcTY/tYLS1JJTu38J + http://weblog.rubyonrails.org/2012/8/9/ann-rails-3-2-8-has-been-released/ + + + 2012-08-08 + 2012-08-10 + +
+ sudosh -- buffer overflow -- cgit n> FreeBSD GNOME current development ports (https://github.com/freebsd/freebsd-ports-gnome)
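Review bot: The topic line of the new entry, "rubygem-rails -- multiple vulnerabilities", is less specific than the entry itself supports. All three CVEs quoted in the description (CVE-2012-3463, CVE-2012-3464, CVE-2012-3465) are XSS issues, so "rubygem-rails -- multiple XSS vulnerabilities" would make the entry easier to find and triage. A second point in the dates at the end of the entry: the first date is 2012-08-08, while the release announcement referenced just above it is filed under 2012/8/9, so it is worth confirming that date against the three advisory posts before this lands.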