Changelog
rails (2.2.3-2ubuntu0.1) lucid-security; urgency=low

  * SECURITY UPDATE: multiple cross-site scripting (XSS) vulnerabilities in
    the mail_to helper
    - backported fix from upstream:
      actionpack/test/template/url_helper_test.rb
      actionpack/lib/action_view/helpers/url_helper.rb
    - https://groups.google.com/group/rubyonrails-security/browse_thread/thread/f02a48ede8315f81
    - CVE-2011-0446
    - LP: #870846
  * SECURITY UPDATE: rails does not properly validate HTTP requests that
    contain an X-Requested-With header
    - patch from upstream:
      actionpack/test/controller/request_forgery_protection_test.rb
      actionpack/lib/action_view/helpers.rb
      actionpack/lib/action_view/helpers/csrf_helper.rb
      actionpack/lib/action_controller/request_forgery_protection.rb
    - https://groups.google.com/group/rubyonrails-security/browse_thread/thread/2d95a3cc23e03665
    - CVE-2011-0447
  * SECURITY UPDATE: multiple SQL injection vulnerabilities in the
    quote_table_name method in the ActiveRecord adapters
    - patch from upstream:
      activerecord/test/cases/base_test.rb
      activerecord/lib/active_record/connection_adapters/mysql_adapter.rb
      activerecord/lib/active_record/connection_adapters/sqlite_adapter.rb
    - https://groups.google.com/group/rubyonrails-security/browse_thread/thread/6a1e473744bc389b
    - CVE-2011-2930
  * SECURITY UPDATE: cross-site scripting (XSS) vulnerability in the
    strip_tags helper
    - patch from upstream:
      actionpack/test/controller/html-scanner/sanitizer_test.rb
      actionpack/lib/action_controller/vendor/html-scanner/html/node.rb
    - https://groups.google.com/group/rubyonrails-security/browse_thread/thread/2b9130749b74ea12
    - CVE-2011-2931
  * SECURITY UPDATE: cross-site scripting vulnerability which allows remote
    attackers to inject arbitrary web script or HTML via a malformed Unicode string
    - backported fix from upstream:
      actionpack/lib/action_view/template_handlers/erb.rb
      actionpack/test/template/erb_util_test.rb
    - https://groups.google.com/group/rubyonrails-security/browse_thread/thread/56bffb5923ab1195
    - CVE-2011-2932
  * SECURITY UPDATE: response splitting vulnerability
    - patch from upstream:
      actionpack/test/controller/content_type_test.rb
      actionpack/lib/action_controller/response.rb
    - https://groups.google.com/group/rubyonrails-security/browse_thread/thread/6ffc93bde0298768
    - CVE-2011-3186

 -- Felix Geyer <email address hidden>  Sat, 08 Oct 2011 17:26:54 +0200