rails 2.2.3-2ubuntu0.1 source package in Ubuntu

Changelog

rails (2.2.3-2ubuntu0.1) lucid-security; urgency=low

   * SECURITY UPDATE: multiple cross-site scripting (XSS) vulnerabilities in
     the mail_to helper
     - backported fix from upstream:
       actionpack/test/template/url_helper_test.rb
       actionpack/lib/action_view/helpers/url_helper.rb
     - https://groups.google.com/group/rubyonrails-security/browse_thread/thread/f02a48ede8315f81
     - CVE-2011-0446
     - LP: #870846
   * SECURITY UPDATE: rails does not properly validate HTTP requests that
     contain an X-Requested-With header
     - patch from upstream:
       actionpack/test/controller/request_forgery_protection_test.rb
       actionpack/lib/action_view/helpers.rb
       actionpack/lib/action_view/helpers/csrf_helper.rb
       actionpack/lib/action_controller/request_forgery_protection.rb
     - https://groups.google.com/group/rubyonrails-security/browse_thread/thread/2d95a3cc23e03665
     - CVE-2011-0447
   * SECURITY UPDATE: multiple SQL injection vulnerabilities in the
     quote_table_name method in the ActiveRecord adapters
     - patch from upstream:
       activerecord/test/cases/base_test.rb
       activerecord/lib/active_record/connection_adapters/mysql_adapter.rb
       activerecord/lib/active_record/connection_adapters/sqlite_adapter.rb
     - https://groups.google.com/group/rubyonrails-security/browse_thread/thread/6a1e473744bc389b
     - CVE-2011-2930
   * SECURITY UPDATE: cross-site scripting (XSS) vulnerability in the
     strip_tags helper
     - patch from upstream:
       actionpack/test/controller/html-scanner/sanitizer_test.rb
       actionpack/lib/action_controller/vendor/html-scanner/html/node.rb
     - https://groups.google.com/group/rubyonrails-security/browse_thread/thread/2b9130749b74ea12
     - CVE-2011-2931
   * SECURITY UPDATE: cross-site scripting vulnerability which allows remote
     attackers to inject arbitrary web script or HTML via a malformed Unicode string
     - backported fix from upstream:
       actionpack/lib/action_view/template_handlers/erb.rb
       actionpack/test/template/erb_util_test.rb
     - https://groups.google.com/group/rubyonrails-security/browse_thread/thread/56bffb5923ab1195
     - CVE-2011-2932
   * SECURITY UPDATE: response splitting vulnerability
     - patch from upstream:
       actionpack/test/controller/content_type_test.rb
       actionpack/lib/action_controller/response.rb
     - https://groups.google.com/group/rubyonrails-security/browse_thread/thread/6ffc93bde0298768
     - CVE-2011-3186
 -- Felix Geyer <email address hidden>   Sat, 08 Oct 2011 17:26:54 +0200

Upload details

Uploaded by: Felix Geyer
Sponsored by: Marc Deslauriers
Uploaded to: Lucid
Original maintainer: Ubuntu Developers
Architectures: all
Section: ruby
Urgency: Low Urgency

Builds

Lucid: [FULLYBUILT] i386

Downloads

File Size SHA-256 Checksum
rails_2.2.3.orig.tar.gz 2.9 MiB c79b0690d8079bea4fab3c7f01c73b5cc1bf6678d967c740ed0aac61789e8ba7
rails_2.2.3-2ubuntu0.1.diff.gz 19.6 KiB 64cdae9065c3fc19251c6ee8bd860bbed2a56d64a8c9a373f9e057db1a386a90
rails_2.2.3-2ubuntu0.1.dsc 2.0 KiB 4e66f08eb75ee1cee2d7845c6a168afdb4974f514e830c13bc3623aed5048f1b

Binary packages built by this source

rails: No summary available for rails in ubuntu lucid.

No description available for rails in ubuntu lucid.